Israel is a democracy committed to the protection of human rights while at the same time trying to contain uniquely difficult national security concerns. One area where this tension is manifest is government access to communications data. On the one hand, privacy is a constitutional right protected by a Basic Law, legislation and Supreme Court jurisprudence; on the other hand, communications data are a powerful tool in the hands of national security and law enforcement agencies.
This article examines Israel's attempt to balance these competing interests by empowering national security agencies while at the same time creating mechanisms for accountability. It describes the recent decision of Israel's Supreme Court to uphold the validity of the Communications Data Act, which was enacted in 2007 to provide law enforcement authorities with access to communications data, despite its infringement on the constitutional right to privacy.
It explains how Israel utilizes the special independent status of the Attorney General as a check on government power.
National legal context and fundamental principles
Israel is a parliamentary democracy with a system of checks and balances between the legislative branch (the ‘Knesset’, or parliament); the executive branch (the ‘Memshala’, or government); and a strong judiciary. Its constitution is compiled of a series of ‘Basic Laws’ setting forth the structure of and relations among the institutions of power as well as some of the fundamental human rights. Under a 1995 Supreme Court decision, these Basic Laws enjoy constitutional status, enabling the judiciary to strike down inconsistent legislation.1 Also sharing constitutional status are a number of fundamental human rights not enumerated in the Basic Laws, including equality, freedom of speech, and freedom of religion.2
When analysing human rights in Israel, two important preliminary observations must be made: First, a distinction must be drawn between ‘Israel proper’ and the territories that it has occupied since 1967. While ‘Israel proper’ is a democracy strongly committed to human rights, the occupied territories are in a state of belligerent occupation and subject to a military regime. This article analyses the legal situation strictly in ‘Israel proper’, an analysis which has no bearing on the situation in the occupied territories. It is important to note that while described as a Jewish state in its Declaration of Independence, Israel includes large religious and ethnic minorities, namely Muslims (approximately 20 per cent of the population and 80 per cent of non-Jews), Christians, and Druze, some of which claim de facto discrimination.3
Second, since its inception in 1948, Israel has been in a state of war with some or all of its neighbours, and has undergone waves of fierce terrorism targeting the civilian population. This means that more than most Western democracies, Israel has to balance its pursuit of human rights with a need to defend national security, fight terrorism, and occasionally engage in full-scale war. Accordingly, national security considerations have had a profound impact on Israeli constitutional and legal discourse; at the same time, they have not upended the rule of law nor completely displaced fundamental rights. On more than one occasion, the Israeli Supreme Court reaffirmed its commitment to the rule of law even in cases pitting strong national security interests; for example, outlawing torture in interrogations;4 or displacing the military-erected security barrier.5 In one landmark case, Supreme Court Chief Justice Aharon Barak wrote: ‘there is no security without law; the rule of law is a component of national security’.6
Constitutional and statutory overview
The constitutional right to privacy
Section 7 of Basic Law: Human Dignity and Freedom (1992) (the ‘Basic Law’) states: In several key decisions, the Israeli Supreme Court stressed that the right to privacy is a basic constitutional right.8
All persons have the right to privacy and to intimacy.
There shall be no entry into the private premises of a person who has not consented thereto.
No search shall be conducted on the private premises or body of a person, nor in the body or belongings of a person.
There shall be no violation of the confidentiality of the spoken utterances, writings or records of a person.7
Like all other fundamental rights, the right to privacy is not absolute. It is subject to the so-called ‘limitation clause’ in section 8 of the Basic Law, which states: ‘There shall be no violation of rights under this Basic Law except by a law befitting the values of the State of Israel; enacted for a proper purpose; and to an extent no greater than is required’. Any legislative or executive action is subject to this constitutional instruction; if it restricts the right to privacy, it will survive only if it passes scrutiny under the limitation clause.
For example, in Association for Civil Rights in Israel v Minister of Interior (2004), the Israeli Supreme Court struck down as unconstitutional public sector data sharing practices although such data sharing had been authorized by statute.9 The Supreme Court ruled that data transfers were overly broad and had a disproportionate effect on individuals' privacy rights. It held that data transfers must be restricted by regulations specifying the precise recipients of data, data uses, and data security measures. It provided that transfers of data from government to private sector financial institutions must be expressly authorized by primary legislation; anti-money laundering provisions in secondary regulations did not suffice.
In Plonit (Jane Doe) v National Rabbinical Court (2006), the Israeli Supreme Court held that ‘the right to privacy is one of our most important fundamental rights. It is one of the freedoms shaping the democratic character of Israel's legal system. Its roots run deep in our Jewish heritage. It is mandated by Israel's values as a Jewish and democratic state.’10 These holdings were reiterated in Rami Mor v Barak ETC (2010), a case in which the Supreme Court refused to issue an order to an Internet service provider to unmask a John Doe defendant, holding that the constitutional right to privacy entails a right to anonymity.11 Justice Eliezer Rivlin stated:
The shattering of the ‘illusion of anonymity’ in a reality where a user's sense of privacy is a myth may raise associations of a ‘big brother’. Such an infringement of privacy must be minimized. Anonymity shelters must be preserved within reasonable boundaries as they constitute an important aspect of Internet culture. To a great extent, anonymity makes the Internet what it is, and without it freedom in the virtual space would be mitigated. The prospect of tracking those in the virtual space would have a stifling effect on their behavior.
In Issakov-Inbar v State of Israel (2011), the Israeli National Labor Court severely restricted employers' ability to monitor employees' email correspondence, holding that given the constitutional status of the right to privacy, exemptions to the Privacy Protection Act, 1981 (PPA), must be interpreted narrowly.12 In its opinion, the Court made clear statements about the suspect nature of employee consent and mandated implementation of principles of legitimacy, transparency, proportionality, purpose limitation, access, accuracy, confidentiality, and security.
The statutory right to privacy
Israel has not only constitutional privacy protection but also an omnibus privacy protection statute, the PPA. The PPA applies to both the private and public sector and contains civil, administrative, and criminal rights and obligations. Section 1 of the PPA prohibits infringement of an individual's privacy without that individual's consent. Chapter A of the PPA deals with general privacy protection, listing twelve alternative causes of action for infringement of privacy.13 Especially pertinent in the context of communications data are Section 2(1) of the PPA, which refers to ‘spying on or trailing a person in a manner likely to harass him …’; Section 2(2): ‘listening-in prohibited under any law’; Section 2(5): ‘copying or using, without permission from the addressee or writer, the contents of a letter or any other writing not intended for publication …’; and Section 2(9): ‘using, or passing on to another, information on a person's private affairs otherwise than for the purpose for which it was given’. An infringement of privacy constitutes a civil tort and, if intentional, a criminal offence.
Section 19 of the PPA provides an exemption from liability under Section 2 for ‘security services’, defined to include the police, military intelligence (known according to its Hebrew acronym ‘Aman’), the General Security Service (GSS) (known according to its Hebrew acronym as ‘Shin Bet’ or ‘Sahabak’),14 and the Institute for Intelligence and Special Operations (known according to a shorthand version of its Hebrew name, ‘Mossad’).15 It states: Non-government entities, such as telecommunications providers, which cooperate with a security service or law enforcement agency while compromising the privacy of their customers, can rely for a defence on Section 19(a) above as well as on Section 18(2)(b) of the PPA, which states that ‘[i]n any criminal or civil proceeding for infringement of privacy, it shall be a good defense if … (2) the defendant or accused committed the infringement in good faith and in any of the following circumstances: … (b) the infringement was committed in circumstances in which the infringer was under a legal, moral, social or professional obligation to commit it’.
No person shall bear responsibility under this Act for an act which he is empowered to do by law.
A security authority or a person employed by it or acting on its behalf shall bear no responsibility under this Act for an infringement reasonably committed within the scope of their functions and for the purpose of carrying them out.”
Informational privacy is further regulated by Chapter B of the PPA, Israel's data protection statute. Recently recognized by the European Commission as providing ‘adequate’ protection under EU data protection law,16 Chapter B of the PPA establishes a procedure for database registration17 and sets forth informational privacy principles including transparency;18 purpose limitation;19 security;20 confidentiality;21 access and rectification;22 and restrictions on cross-border data flows.23
Significantly, Section 32 of the PPA provides an evidentiary exclusionary rule pursuant to which (subject to certain narrow exceptions) ‘material obtained by the commission of an infringement of privacy shall not be used as evidence in court without the consent of the injured party’. This provision was used to quash evidence obtained from a suspect by use of force;24 by a party illicitly copying a counterparty's computer hard disk;25 and by a husband covertly photographing his wife in an intimate situation with another man.26 A separate provision is used to disqualify evidence obtained through an illicit or improperly authorized wiretap.27
Facilitating government surveillance
Similar to the Communications Assistance for Law Enforcement Act (‘CALEA’) in the USA, Section 13 of the Israeli Telecommunications Act (Telephone and Broadcast), 1982 (the ‘Telecommunications Act’) empowers government officials to provide ‘instructions’ to telecommunications operators to modify and design their equipment, facilities, and services to ensure that they have built-in surveillance capabilities.
Under Section 13 of the Telecommunications Act, the Prime Minister, after consulting with the Minister of Communications and based on a request by the Minister of Defence, Minister of Domestic Security, the GSS or the Mossad, can issue instructions to a telecommunications licensee with respect to ‘the installation of equipment, performance of a telecommunications service, or ensuring technological compatibility to telecommunications equipment … including the provision of access to equipment, as much as necessary to perform the roles of the security services or exercise their legal authority’.28 Section 13(a) of the Telecommunications Act defines a ‘security service’ to include the Israel Defence Forces, GSS, Mossad, Police, and Prison Service. A licensee is defined broadly through a complex set of definitions in Section 1 of the Telecommunications Act29 to include any fixed-line or cellular operator, ISPs as well as broadcast licensees (cable and satellite operators).
Under Section 13(d) of the Telecommunications Act, the Prime Minister's instructions under Section 13 are secret. Section 13(e) of the Telecommunications Act provides immunity from civil or criminal liability (for example, for infringement of privacy) to a licensee and its employees for complying with an obligation thereunder. The payment by the government to a licensee for services rendered in accordance with Section 13, always a contentious issue, is regulated by Section 13(c) of the Telecommunications Act, which provides:
The payment for services rendered or actions taken according to subsection (b) … will be determined in an agreement between the relevant security service and the licensee based on reasonable expense reimbursement and taking into account the exiting price for the services rendered; in the absence of an agreement, the payment will be determined by a person appointed by the Attorney General …
Wiretapping, or lawful intercept, is regulated in Israel under the Wiretap Act, 1979. The Wiretap Act generally prohibits wiretapping and sets rules for lawful intercept by law enforcement and national security agencies. It defines a ‘conversation’ as including not only voice communications but also ‘communications between computers’. It defines a wiretap as listening in to a conversation using a device without the consent of either party to the conversation.30
A series of court decisions and instructions by the Attorney General weighed whether the capture or interception of certain synchronous or asynchronous communications such as email messages, text messages, and voicemails, constitutes a ‘wiretap’ or rather a ‘search’, which is subject to less restrictive legal process. The general thrust of these cases is that the capture of voicemail,31 text messages,32 or emails on a suspect's device constitutes a search; while the interception of such messages in transit, for example on an ISP server, constitutes a wiretap.33 Nevertheless, the Supreme Court has not yet confronted these issues and the Attorney General continues to view the capture of any asynchronous communication, even on an ISP's server, as a search.
Lawful intercept by the police is allowed pursuant to a warrant issued by a President or Vice-President of a District Court.34 A broader mandate is provided to security services, defined as military intelligence or the GSS. A security service may obtain a permit for a wiretap from the Prime Minister or the Minister of Defence (in this Act, the ‘Minister’) without judicial oversight. Under Section 4 of the Wiretap Act, ‘the Minister may authorize a wiretap in writing if requested to do so in writing by the head of a security service and if he is convinced, after giving due weight to the infringement of privacy, that it is necessary for national security’. Sections 4(b)–(c) of the Wiretap Act describe the specifics that must be found in a Minister's permit, including the identity of the individual or device whose communications will be intercepted; the location of the conversations; and the duration of the monitoring (not to exceed three months, subject to periodic extension). However, the requirement to specify such details is qualified by the phrase—‘all if they are known in advance’. This implies that the Minister may in fact issue general wiretapping permits—a broad mandate, which severely impacts potential targets' privacy rights. In urgent cases, the head of a security service may himself authorize a wiretap for a period no longer than 48 hours; subject to providing immediate notice to the Minister, who is then authorized to revoke such a wiretap.35
While not subject to judicial oversight, national security wiretap permits are reported quarterly to the Attorney General;36 and the number of such permits is reported annually to a special parliamentary committee convening behind closed doors.37 Additional issues regulated by the Wiretap Act include the manufacturing, import, and possession of wiretapping equipment;38 data retention and deletion requirements for material obtained through a legal wiretap;39 the wiretapping of communications subject to evidentiary privileges;40 and the admissibility of evidence obtained through an illegal or improperly authorized wiretap.41 Generally, such evidence is inadmissible; yet certain exceptions apply, namely ‘in a criminal proceeding for a serious felony, if a court decided to admit the evidence after having been convinced … that the interest in reaching the truth outweighs the interest in privacy’.42 An additional requirement for admissibility in these cases is that ‘an improperly authorized wiretap performed by a person who is in place to obtain legal authorization will be inadmissible, except if performed in good faith due to an error based on apparent legal authorization’.43 A 1995 amendment to the Wiretap Act provides that ‘evidence obtained by a lawful wiretap will be admissible in a criminal proceeding to prove any offense’, meaning not just the offence for which the permit was sought but any other offence discovered in the process.44
In the past few years, two high level inquiries were conducted into police (but not national security) use of wiretapping, one by a parliamentary committee and the other by the State Comptroller. These investigations were motivated, among other reasons, by high profile irregularities in the police use of wiretapping, including in the case of a government minister suspected of sexual misconduct. The parliamentary committee issued a public report in January 2009, proposing legislative amendments as well as internal rules and regulations on quality control, data deletion, incidental capture of a call subject to an evidentiary privilege, transparency, and more.45 Some of the proposed amendments were included in a government sponsored bill submitted to parliament in 2009 and still making its way through the legislative process.46
The State Comptroller issued its report in June 2010, sharply criticizing the police for its lack of sufficient guidelines and for violations of those guidelines that do exist.47 The State Comptroller's report included detailed information about the volume of wiretapping permits issued to the police (but not security services). For example, in 2004, the police petitioned the courts 962 times for wiretap permits; only 3 petitions were turned down; similar numbers were disclosed for the next 4 years.48 These figures appear high compared to those in other Western democracies such as the USA, which has a population 50 times larger than Israel's yet had only 1,773 wiretap permits in 2005; or the UK, with a population 10 times larger than Israel's, and 1,983 wiretap permits.49 In addition, the State Comptroller expressed concern with the apparently common police practice of obtaining authorization for a wiretap based on the investigation of a serious felony, only to later use the evidence to prosecute a lesser offence.
In 2007 the Knesset enacted a new statute regulating law enforcement access to communications data, the Criminal Procedure Act (Enforcement Powers—Communications Traffic Data), 2007 (the ‘Communications Data Act’). Until then, law enforcement access to communications non-content data was moderated by an arcane provision of a criminal procedure statute dating back to the 1930s, when Israel (then, Palestine) was subject to a British mandate (1917–1948), entitled ‘seizure of an object’.50
Predating the Communications Data Act, access to communications non-content data by the GSS is regulated by a specific provision in the General Security Service Act 2002 (GSSA). The passage of the Communications Data Act was accompanied by intense public debate, including more than a dozen multi-stakeholder parliamentary hearings. In the process, the new statute was dubbed the ‘Big Brother Law’ in the press and its validity was challenged on constitutional grounds in the Supreme Court.51 This stands in stark contrast to the GSSA, which confers far broader powers to the GSS without any judicial scrutiny, and yet passed through parliament with little pushback. Several reasons could potentially explain the public acquiescence with the GSSA: first, in 2002 the mobile age (not to mention the mobile Internet) was just dawning; the public was unaware of the potential privacy impact of communications data, which up to that point were perceived as a simple ‘pen register’ of calls.52 Second, the GSSA was enacted in the midst of the second Intifada; Israel was awash with horrifying terrorism and the public sought a strong GSS. Third, the GSS, like the Mossad and Aman, have always enjoyed special status in Israeli society, far less prone to public criticism or judicial oversight than the police or public prosecution.
Law enforcement access
The Communications Data Act defines ‘communications data’ as ‘location data, subscriber data, and traffic data; as long as these do not include contents data’.53 As discussed above, access to contents data continues to be regulated by the Wiretap Act. The Communications Data Act sets forth three tracks for law enforcement access to communications data. First, under Section 3 of the Communications Data Act, the police, as well as a list of enumerated law enforcement agencies,54 can petition a Magistrates Court for authorization to obtain communications data in order to save or protect the life of an individual; to uncover, investigate, or prevent a crime; to apprehend and prosecute a criminal; or to confiscate property under the law.55 The term ‘crime’ is defined broadly to include not only a felony but also a misdemeanor—drawing sharp criticism from privacy and human rights activists. Section 3(g) of the Communications Data Act provides that ‘in its decision and in determining the period of time for access to communications data, the court will bring into consideration … the degree of infringement of individual privacy, the severity of the crime, whether the individual is a professional benefiting from an evidentiary privilege, and the type of communications data sought’.
The second track allows for access in urgent cases without a court order under an internal administrative process. Under Section 4 of the Communications Data Act, a senior police officer may issue an urgent order, which is effective for 24 hours, ‘if such an order is necessary to prevent a felony or apprehend a felon or to save the life of an individual and there is insufficient time to petition a court for a Section 3 order’.56 The Communications Data Act requires the police to report periodically to the Attorney General and to a parliamentary committee the number of Section 4 orders issued.57 Both Section 3 court orders and Section 4 urgent administrative orders are addressed at telecom operators, which must comply promptly. Section 3(i) provides that the reasons specified by a court for a Section 3 order will not be disclosed to the telecom operator. Telecom operators are bound to secrecy under Section 5 of the Communications Data Act, which provides that ‘[a] telecom provider or its employee will not disclose to a subscriber or any other person the transfer of communications data to the police or any other enforcement agency, except if ordered to do so by a court’.58 Section 15 of the Communications Data Act amended the Wiretap Act, authorizing the court or an official issuing a wiretap permit to also authorize access to communications data.59
In cases involving a professional benefiting from an evidentiary privilege (eg a lawyer, physician, or journalist), section 3(b) of the Communications Data Act restricts a court's authority to grant access to communications data to only those cases where the professional himself is ‘involved in a crime’.60 Oddly, a similar restriction is missing from section 4 of the Communications Data Act, which regulates urgent administrative orders. This apparent lacuna was discussed extensively in the Supreme Court's analysis of the statute.
The third track authorizes the police to require a telecom operator, defined for the purposes of this section as strictly a fixed line or cellular operator (ie, not an ISP), to turn over an updated file containing (a) the identifying details of all of its subscribers61 including unique device identifiers for their phones or parts thereof; and (b) information concerning the mapping of its cellular antennas, including identifying details for each antenna and its area of coverage.62 Under Section 7 of the Communications Data Act, the police must maintain the security and confidentiality of the database established under Section 6, including logging access and not using the data for any purpose except those authorized under Section 3.
The Communications Data Act authorizes the Minister of Domestic Security to issue regulations governing the maintenance of the Section 6 database. Such regulations require the approval of the parliamentary Constitution, Law and Justice Committee. In August 2008, the Minister of Domestic Security presented draft regulations to the parliamentary committee. The proposal was met by stiff resistance after discussions at the hearing revealed apparent abuses of power by the police. For example, Cellcom, Israel's largest cellular operator, revealed that as a matter of practice the police required access to data items not explicitly enumerated in the Communications Data Act and generously exercised its authority to issue urgent administrative orders.63 Despite the initial resistance, the regulations were put in place in December 2008.64
In April 2008, the Association for Civil Rights in Israel (ACRI) petitioned the Supreme Court to declare parts of the Communications Data Act unconstitutional, a disproportionate infringement of the constitutional right to privacy. The Supreme Court decided to hear the case in an expanded panel, usually reserved for weighty constitutional issues. In its petition, ACRI focused its criticism on three aspects of the law: first, it argued that permitting access to communications data in the context of misdemeanors is overly broad; it requested that the court limit access to cases of serious felonies. Second, ACRI argued that the test for providing a judicial order under Section 3 is too loose, enabling the police to obtain orders for the purpose of intelligence gathering without probable cause for a specific crime. Third, ACRI argued that a police officer's power to issue an urgent administrative order under Section 4 must not extend to cases involving a professional benefiting from an evidentiary privilege. Finally, ACRI argued that the database established under Section 6 of the Communications Data Act must exclude details of individuals who opted out of caller identification.
Pursuant to the submission of the ACRI's petition, the Israeli Press Council asked to join as petitioner and the Israeli Bar, which enjoys the membership of more than 50,000 lawyers, filed a separate petition, which the court combined with the main petition. In its petition, the Israeli Bar emphasized the need to craft a specific solution for urgent administrative orders addressed at professionals subject to evidentiary privileges. In addition, it argued that unlike the PPA and the Wiretap Act, the Communications Data Act lacks a provision rendering improperly obtained evidence inadmissible at trial.
In May 2012, the Israeli Supreme Court denied the petitions and upheld the validity of the Communications Data Act, despite recognizing its infringement on privacy.65 In a 97 page decision, the court analysed the legislation under the constitutional ‘limitation clause’, finding that it was enacted for a proper purpose and restricted constitutional rights ‘to an extent no greater than is required’. At the same time, the court set forth strict criteria for implementing law enforcement access to communications data under each of the statutory tracks. In addition, the court emphasized the accountability of law enforcement authorities to oversight by the Attorney General and by parliament.66
In its decision, the court recognized the privacy invasive nature of government access to communications data, at one instance citing French philosopher Michel Foucault for the proposition that the mere spectre of surveillance has a stifling, disciplinary effect.67 However, the court emphasized that limiting the capacity of law enforcement authorities to exploit such investigative resources would significantly weaken their capacity to combat criminals, who have become increasingly technology savvy. The court expressed a strong preference to uphold the validity of legislation, even if it clashes with constitutional rights, as long as it could strike a satisfactory balance through reasonable statutory interpretation.68
With respect to Section 3 court petitions, the court held that such petitions could be intended to investigate misdemeanors; yet must be limited to the investigation of specific suspects or crimes as opposed to general intelligence gathering (which the court once characterized as ‘fishing expeditions’).69 The court held that urgent administrative orders under Section 4 also meet the requirements of the constitutional limitation clause. While authorizing law enforcement to access communications data without judicial oversight, Section 4 is restricted to orders by only the police and military police (ie, not by any of the other law enforcement agencies which are authorized to petition a court under Section 3); investigating strictly a felony; where there are grounds for urgent action; and when access is limited to a period of no longer than 24 hours. The court required, however, that law enforcement authorities implement their Section 4 powers with careful discretion and abide by the requirements of not only Section 4 but also Section 3 of the Communications Data Act.
The court split over the authority of law enforcement to order access to communications data of professionals benefitting from an evidentiary privilege. The majority opinion, written by Chief Justice Dorit Beinisch and supported by five justices, held that with the exception of journalistic privilege, evidentiary privileges are intended to protect only the contents of communications and are therefore not compromised by access to communications data. Journalists, in contrast, must protect the confidentiality of their sources, and should therefore be immune from Section 4 urgent administrative orders, except in cases where they themselves are suspects or victims of a crime. The reasoning is that only a court acting under Section 3 is authorized to curtail an evidentiary privilege. The minority opinion, written by Justice Hanan Meltser, viewed lawyers' or physicians' confidentiality as compromised not only by the surveillance of contents but also by access to communications data.70 According to Justice Meltser, law enforcement authorities should never be allowed to issue Section 4 urgent administrative orders in cases involving an evidentiary privilege.
The majority opinion was based partly on its review of a policy put in place by the police to implement the Communications Data Act. The court reviewed the policy and stressed that it is commensurate with its notions of proportionality and fairness, diminishing concerns of administrative overreach. Justice Meltser's minority opinion criticized this approach, stating that an internal policy document should not be relied upon to assess the constitutionality of legislation. Justice Meltser warned that law enforcement could conceivably change its policies periodically or renege on its obligations and criticized the suspect nature of such an internal document as ‘secret law’.71
The Justices were united in denying the petition on grounds of the Section 6 database including details of individuals who opted out of caller ID.72 Similarly, the court unanimously rejected the Israeli Bar's claim that lack of an evidentiary exclusion provision renders the statute voidable under the ‘limitation clause’.73
Security services access
As discussed above, the GSS enjoyed broad access to communications data even before the enactment of the Communications Data Act. In the 1990s, the Government of Israel decided to enact a law regulating the status and powers of the GSS, which until then operated based on government decisions and without legislative mandate.74 Years of preparatory work by the legal department of the GSS and the Ministry of Justice led to the enactment of the GSSA in 2002.75 The GSSA treads a path between ‘skeletal’ national security agency statutes, such as the UK's,76 and voluminous, detailed laws, such as Australia's.77 While not addressing thorny issues such as the use of force in interrogations, the GSSA does feature a specific provision on access to communications data.78 Section 11 of the GSSA provides: The GSS access powers under section 11 of the GSSA apply to data held by ‘licensees’, under the Telecommunications Act. As discussed above, a licensee is defined broadly in the Telecommunications Act to include fixed line or cellular operators, ISPs as well as broadcast licensees (cable and satellite operators).80
in this section:
‘Licensee’—as defined in Section 13 of the Telecommunications Act (Telephone and Broadcast), 1982.
‘Data’—including communications data, except contents data as defined in the Wiretap Act, 1979.
The Prime Minister may set forth rules determining that categories of data found in databases of a licensee are required for the GSS for performing its roles under this law and that the licensee must transfer such categories of data to the GSS.
Any use of data found in a database according to subsection (b) is subject to a permit issued by the Head of the GSS after being convinced that the data are required for the GSS for performing its roles under this law; the permit will specify, inasmuch as possible, details concerning the data sought, the purpose for which they are sought, and the database in which they are found; the permit will be limited in duration for a period not greater than 6 months; except that the Head of the GSS may periodically extend this period.
The Head of the GSS will report quarterly to the Prime Minister and the Attorney General, and annually to the parliamentary committee for GSS matters, about permits issued and data used under this section; reporting details will be set in rules.
The Prime Minister will promulgate rules regarding the retention by a licensee of categories of data according to subsection (b) for a period that he determines and the transfer of categories of data to the GSS; the Prime Minister will determine in rules agreed upon by the Minister of Justice provisions regarding the storage and security of data transferred to the GSS under this section and deletion or destruction of data that are no longer necessary.
Section 13(e) of the Telecommunications Act will apply to the performance of obligations under this section.79
Section 11(b) grants the Prime Minister almost unfettered authority to promulgate rules setting forth categories of communications non-contents data, which a licensee must transfer to the GSS. Such rules were in fact put in place by the Prime Minister yet their content remains secret in accordance with Section 19(a)(1) of the GSS.81 Under Section 11(c) of the GSSA, the Head of the GSS has broad powers to permit the GSS to access or use those categories of data, which the Prime Minister specified in his rules. Indeed, the only condition qualifying both the Prime Minister's and Head of GSS's respective authority is that the communications data ‘are required for the GSS for performing its roles under this law’. The communications data subject to the GSS authority include any data held by a licensee with the notable exception of communications contents.82
To counterbalance these broad powers, the GSSA sets forth certain transparency requirements. First, under Section 11(c) of the GSSA, the Head of GSS must specify in each permit details concerning the data sought; the purpose for which they are sought; and the database in which they are found. However, even this requirement is tempered by a modifier—‘inasmuch as possible’, which effectively allows for much less detailed permits. In addition, each permit is limited in duration for a period of no longer than six months; yet such a term may ostensibly be extended time and again, indefinitely. More significantly, under Section 11(d) of the GSSA, the Head of GSS must report periodically to the Prime Minister and the Attorney General (quarterly) and to the parliamentary committee for GSS matters (annually) about permits issued and data used under Section 11. These reporting requirements, while not public or subject to judicial oversight, are significant, as they are made to the highest officials in the executive branch (the Prime Minister) and the government legal service (the Attorney General); as well as to the legislative branch (the parliamentary committee).
Although formally part of the executive branch, the Attorney General enjoys a unique status in Israel's constitutional and administrative system. He is the sole legal counsel to the Government and head of the general prosecution. His advice to the government is binding. He provides guidance to the Government ministries' legal advisors, who are subject to the authority of the Attorney General even where his position conflicts with that of their responsible government minister.
Elyakim Rubinstein, a former Attorney General and current Supreme Court Justice, explains:
A written directive by the Attorney General instructs the Government ministries to abide by legal opinions; the legal advisor's opinion binds the ministry; the Attorney General's advice binds the government subject, of course, to court decisions.83
In court, the Government cannot be represented by outside counsel without the agreement of the Attorney General, which is very rarely given. The Attorney General is a non-political, professional appointment selected by a search committee chaired by a former Supreme Court Justice. A candidate for Attorney General must himself be eligible to become a Supreme Court Justice.
As a measure of the Attorney General's autonomy and isolation from political influence, consider that as head of the prosecution, Israel's latest Attorney General Meni Mazzuz indicted an acting President (Moshe Katzav, convicted of rape and sentenced to 8 years in prison); Prime Minister (Ehud Olmert, charged with corruption, forced to resign, and currently standing trial); Minister of Finance (Avraham Hirschzon, convicted of corruption and sentenced to 5.5 years in prison); and Minister of Justice (Haim Ramon, convicted of sexual misconduct and sentenced to community service).
By imposing strict reporting requirements to the Attorney General, the GSSA strikes a balance between granting the GSS broad powers and imposing some degree of accountability. This balance may not be optimal—given the isolation of the process from public or judicial scrutiny. Yet this arrangement is nontrivial considering that in some Western democracies the degree of engagement of the security services with the government legal service may not be as strong, and the government legal service itself not as independent.
Section 11 of the GSSA provides immunity from civil or criminal liability to a licensee and its employees for complying with an obligation to provide access. A similar provision does not appear in the Communications Data Act. This means that a telecom operator or its employees complying with an order under the Communications Data Act must rely on the exemptions in Sections 18(2)(b) or 19(a) of the PPA or Section 6 of the Torts Ordinance (New Version), which provides a blanket immunity from tort liability for non-negligent acts or omissions mandated by a legal obligation or based on a good faith belief in the existence of such an obligation.
Finally, it is important to note that only the GSS is entitled to access communications data for national security purposes under the GSSA; the regime does not apply to additional national security agencies such as the Mossad or Aman, particularly Unit 8200 responsible for SIGINT.84 There is no public information available concerning these agencies' access to domestic communications data, if any.
Unlike the EU,85 Israel does not have a general data retention statute. This means that telecom operators could ostensibly delete communications data promptly after using them for billing purposes. Indeed, a possible interpretation of the purpose limitation provisions in the PPA86 is that such deletion is required by privacy law. To this end, Section 11(e) of the GSSA authorizes the Prime Minister to promulgate rules ‘regarding the retention by a licensee of categories of data according to subsection (b), for a period that he determines’. As discussed, such rules, if they have been put in place, remain secret. A similar provision is not found in the Communications Data Act, raising doubts whether telecom operators must (or even may) retain data if not required to do so under the Prime Minister's national security rules.
The question of whether telecom providers are required (or indeed allowed) to retain communications data arose in the Amir Liran v Pelephone case.87 The plaintiff, a lawyer, requested that his two cellular operators delete his communications data after he settled his account. To assure the cellular operators he was not going to challenge their bills at a later stage, Liran was willing to execute a waiver of claims. He argued that retention of his communications data without a specific purpose infringes his privacy rights under the PPA. The Attorney General, who has authority to intervene in litigation in order to represent the public interest, submitted a brief in the case arguing that the Communications Data Act should be interpreted to permit data retention ‘for a reasonable period of time’. The Tel Aviv District Court accepted the Attorney General's argument, holding that absent a specific obligation to delete communications data, telecom operators were permitted to retain them. This decision was criticized by commentators, including the current author, who argued that the court misinterpreted the balance struck by the PPA between individual rights and legitimate business interests, and failed to take account of the constitutional status of the right to privacy.88
The mechanics of data transfers
What are the mechanics of data transfers from telecom operators to law enforcement and security services? Are transfers moderated by an employee of the telecom operator or are data flows under the control of GSS operatives? Is the ‘switch’ to the ‘pipe’ in the hands of the telecom company or the security service? Who pays for retention and use of stored communications data? While technical in nature, the answers to such questions often determine the level of protection provided to individuals' privacy rights. In practice, human rights are often effectively protected by detailed procedures and protocols (otherwise viewed as government bureaucracy) and are more easily compromised in their absence.
In Movement for Freedom of Information v Ministry of Communications, the Israeli Movement for Freedom of Information (the ‘Movement’), an NGO, petitioned an administrative court under the Freedom of Information Act, 1998 (FOIA), to order the State to make public the ‘secret annexes’ (also known as the ‘security annexes’) to the licences of cellular operators and ISPs.89 The Movement argued that when the government awards cellular operators and ISPs with operating licences, it annexes secret rules regulating access of the GSS to such operators' databases. The Movement stated that even as parliament debates the details of the draft (at the time) Communications Data Act, the GSS enjoys unrestricted access to similar data without judicial oversight or public scrutiny. The Movement argued that while specific uses or data categories may warrant secrecy, there is no reason to conceal from the public the very fact that government access exists. The government resisted the FOIA request and the petition, arguing that the annexes do not provide the GSS with surveillance powers, but rather set forth technical specifications for operating the ‘pipe’ through which the data are channelled strictly where access to data is authorized by law.90 After having reviewed the ‘secret annexes’ and heard the Government's arguments ex parte in closed chambers, the court confirmed that the annexes contain strictly technical specifications as opposed to legal mandates and suggested that the Movement withdraw the appeal, which it did.91
An additional question concerns payment for retention and use of stored communications data. Section 10 of the Communications Data Act provides that ‘a licensee is entitled for reimbursement of expenses related to the transfer of communications data to the police or another investigating authority under Sections 3, 4, or 9, as well as for the transfer of a file under Section 6, in an amount determined by the Minister of Communications. … The amount reimbursed shall be based on recovery of reasonable expenses’. Some commentators believe that this provision was the motivating force for the enactment of the Communications Data Act, since before the legislation came into force the telecom operators charged the police high fees to perform similar services.92 During the legislative hearings, one Member of Parliament suggested intentionally setting a high fee in order to temper the police's zeal to obtain data, thereby protecting individuals' privacy through a prohibitive cost structure.93
Israel regulates government access to communications data through four legislative instruments: the Wiretap Act, which deals with interception of communications contents; the Telecommunications Act, which deals with compatibility to surveillance technologies; the GSSA, which deals with GSS access to communications data; and the Communications Data Act, which deals with such access by law enforcement authorities. In all cases, broad powers are conferred to the executive branch in the context of national security, reflecting Israel's unique challenges in this space. At the same time, mechanisms for accountability are put in place through periodic reporting requirements to parliament and to the Attorney General.