The team investigating the phone-tapping scandal that rocked Israel last winter said the police broke the law in obtaining information from Israelis’ smartphones and did not inform the Justice Ministry, but they did not engage in illegal hacking.
The government-appointed investigators did not detail the methods the police used, but they said in a report Monday there was no indication that the police illegally hacked the phones of Israelis mentioned in the media using the Pegasus spyware of the Israeli company NSO Group.
The team said, however, that the police gained access to information that they were not legally allowed to have such as calendar entries and phones' contact lists.
In February, the Calcalist business daily reported that the police hacked the phones of Israeli public figures including government employees and associates of former Prime Minister Benjamin Netanyahu, often without a court order. The allegations set off a political firestorm, and a team headed by Deputy Attorney General Amit Merari was appointed to investigate.
- NSO File: A Complete List of Individuals Targeted With Pegasus Spyware
- In First, Israel Police Admit Misuse of NSO Spyware
- White House 'deeply concerned' over any deal for infamous Israeli spyware maker NSO
Pegasus has been sold to intelligence agencies around the world, exploiting unknown loopholes in WhatsApp, iMessage and Android. The spyware has allowed the group’s clients to potentially gain full access to any smartphone – in some cases without the owner even clicking or opening a file.
Earlier this year, the government-appointed team said it had conducted a thorough probe regarding the phone numbers of a former director general of the transportation and finance ministries, Keren Terner-Eyal, a former director general of the Finance Ministry, Shai Babad, and a former director general of the Justice Ministry, Emi Palmor.
Regarding claims that the police used Pegasus to infect phones without a warrant, the team found “no indication” that this was true, according to the report released Monday. A few cases were found in which the police tried to go beyond the warrant's stipulations, but in those cases, their attempts to infect the phones failed, “so no product was obtained in any case.”
The investigators said the police could be allowed to continue using the technology in question, but “subject to its excess technological capabilities being neutralized.”
They said the system that the police currently possess lets them obtain “certain kinds of products that the police have no authority to obtain under the Wiretapping Law.” This includes information on people’s cellphones that predates the warrant permitting the phone tapping.
The system also allows the police to obtain information such as calendar entries, a list of apps on the phone, the subject’s contact list and notes stored on the device.
“Over the years, due weight has not been given to the extent of the system’s potential capabilities – the very fact that prohibited material enters the police’s cellphones and computer systems and the accessibility of the obtained material on the police’s [computer] systems,” the report said.
It said the police never intended to use the information that they were not legally allowed to have; they even issued regulations to bar such material from being used. Still, “it wasn’t sufficient to put this into the regulations; it was necessary to atrophy these excess capabilities technologically.”
According to the report, the Justice Ministry knew that the police were using spyware but did not know that the system’s capabilities exceeded what the police were allowed to do under the Wiretapping Law.
The police did not inform the ministry of this fact, so the ministry never discussed the issue. Moreover, in all the years when the system was used, the police never consulted the Attorney General’s Office on the matter.