Text size

It's especially easy today to track down identity card numbers and personal information online, given the availability of file-sharing sites such as eMule and BitTorrent.

The moment that files begin to circulate on these sites, they pass the point of no return. There is no technological method to prevent their dissemination, explains Dr. Yuval Karniel, an expert on Internet issues at the Herzliya Interdisciplinary Center.

Karniel clarifies that "the fact that a database is broken into, and information from it becomes available to the public, does not mean that using this data is permissible."

"This is particularly true when the user knows, or ought to know, that the information they are accessing is actually data whose use constitutes an infringement of privacy," Karniel said.

But Dr. Nimrod Kozlovski, an authority on law and technology, explains that for a long time nothing was done to make clear to hackers that the use of such personal information is forbidden.

"The fact that the Israeli Population Registry did not find cause to inform the public that the retention of such a database and its use is forbidden produced a mistaken legal perception among many people who used this information," he said. "They believed that there is nothing wrong with using this information."

Kozlovski adds that "a large number of private investigators who use this data would say that, had they known that the circulation of the database was illegal, they would never have accessed it."

Dr. Kozlovski reiterates that "the widespread perception" that it is permissible to use this private information is "erroneous." The personal information database "is designed to be held and used exclusively by state agencies," he said.

Kozlovski and Karniel say that the moment the database was posted on the Internet, there was no putting the genie back in the bottle.

"There's no way now to track down these private investigators and companies which made use of the information," Karniel said. "This difficulty applies to the Population Registry, and also to the biometric database."

Kozlovski says there are numerous defense technologies that can hide personal information databases from unauthorized users. Also available is protective technology for monitoring information that is extracted from a database.

The state, however, has neglected to utilize these defense technologies, he said. "If we continue to use the sloppy system in which government databases that include sensitive personal information are not protected by suitable technologies, we have no right to expect that legal codes regarding the right to privacy will suffice as protection," he said.