top of page
  • ACRI

Multiple Flaws in the Israel Security Agency’s Database – Regulation and Oversight Required

© Wessel Cirkel |

Section 11 of the General Security Services Law, which slid under the radar at the time without any public discussion, provided the Israel Security Agency (ISA, which is commonly known as the Shin Bet or the Shabak) with excessive permissions in the field of signal intelligence. The law permits the prime minister to establish a vast database via covert regulations, and to require communications companies to transfer communications data to the database on a regular basis. The information stored in the database is vaguely defined – "including communications data and excluding conversational content.”

Over the past year, due to use of the ISA database to combat COVID-19, many details about the database that had been confidential were revealed for the first time, illuminating citizens of its power. We learned that communications data on all citizens is stored on an ongoing basis, allowing the ISA to swiftly locate individuals’ past and present locations, along with an their contacts. This is a powerful tool for mass surveillance, which is also seemingly exceptional in relation to other democratic countries. It severely violates the right to privacy, which is a constitutional right, as well as citizens' right to choose.

An analysis of the database highlights a long list of constitutional flaws in its inception, evident in the manner through which permission is granted to process information therein, along with its oversight and use. Thus on June 7, 2021, ACRI appealed to the Attorney General, demanding that these flaws be rectified. Among other things, we asked the Attorney General to order an end to ongoing reliance on the prime minister's covert regulations for the database’s creation, and that substantive aspects of the database must be determined by the Knesset through the General Security Services Law itself. In particular, the term "information" must be accurately defined, and the law or regulations must determine what information will be stored in the database, for how long, and for what purposes it may be used.

Various publications have indicated ongoing pressure on the ISA to use the database for purposes other than preventive security, including standard law enforcement purposes. We thus requested that the government be instructed that use of the database is prohibited for any purpose that is not within the scope of the ISA’s legal powers, unless a decision to do so is made by an explicitly designated and proportionate law.

The petition notes that deeming use of the database for all ISA needs, is excessively broad. Use of the database for purposes other than countering intelligence, terrorism, or sabotage, is disproportionate, and in general – the database should not be used for security purposes or suitability assessments for public office.

A significant portion of our petition addresses the means through which permission is granted to search the database. ACRI is of the opinion that maintaining the current situation wherein the ISA retains possession of the database; formal receipt of permission to process information is not subject to preliminary authorization by an independent, quasi-judicial body; and there is no thorough retrospective oversight by an independent external body with expertise on the database’s use; would entail a disproportionate violation of the right to privacy. ACRI believes that independent external oversight of the ISA database and processing the information therein, is a necessary condition for ongoing use of the database, and that such an independent supervisory body must urgently be established.

Director of ACRI’s Civil and Social Rights Unit Attorney Gil Gan-Mor, who wrote the appeal, explains: “The past year has raised a series of red flags for us. Use of the ISA database for coronavirus tracking revealed the existence of a powerful, intrusive, and covert mass surveillance project, which allows for all citizens throughout the country to be tracked at all times. Furthermore, the ease with which the database was converted from its use for security objectives to civilian purposes, raises concern. Use of the database to track contacts for several months, normalized such surveillance, leading to our in-depth examination of the ISA database and its use. We found many flaws in the manner in which the prime minister was authorized to create the database, and in the ISA Director’s power to order a search of the database, with nearly no oversight. These flaws are also comparatively grave, in contrast to other democratic countries. Only recently did the European Court of Human Rights reject parts of Britain’s online surveillance programs, although they are anchored in UK legislation in a clearer and more detailed fashion than the ISA database. We are surely aware of security needs, yet such a powerful and covert database that enables surveillance of innocent civilians, must come with clear legal restrictions; significant protections against abuse; and independent external oversight. Almost all of the aforementioned are nearly nonexistent with regard to the ISA database. Our demands, some of which are based on recommendations included in former ISA legal advisor Eli Bahar’s book, are designed to balance security needs with individual rights and the right to privacy, which is essential for the existence of a stable democracy."

On January 20, 2022, we received a response from the Ministry of Justice rejecting our claims. Below is a summary of our claims and the ministry's responses, which express the Attorney General’s position:


bottom of page