Leaked Voter Info and Illegal Electioneering: Inside Netanyahu’s Election Day App

Elector is just one of the election day apps used in Israel. A review reveals how it is used by Likud to get private info. Meanwhile, a data leak from a competing app and party shows how risky election tech can be

Refaella Goichman
Refaella Goichman
Send in e-mailSend in e-mail
Prime Minister Benjamin Netanyahu presents the 'Green passport' app in Eilat, last week.
Prime Minister Benjamin Netanyahu presents the 'green passport' app last week for Israelis vaccinated against coronavirus. His party is using another app, Elector, to collect data on votersCredit: David Bachar
Refaella Goichman
Refaella Goichman

Likud, Israel's ruling party headed by Prime Minister Benjamin Netanyahu, has turned electioneering into a game. Using an app called Elector, Likud posts a "champions list” for those who have sent the party the most names of potential supporters. 

“Omri, my bro! How many Likud supporters have you added to Elector? It’s not enough! Add more!” This is but one of the numerous messages posted on a Facebook page operated by the party, aimed at encouraging supporters to download the app and provide the party with names of voters. 

Elector is only one of several so-called voter-management apps that have become popular in recent election campaigns. Like many others, its use contravenes the privacy laws - as these platforms encourage law-abiding citizens to name names - revealing whether neighbors, friends and relatives are for Likud or against it. The information is uploaded without the approval of the people in question.

The Privacy Protection Authority has repeatedly issued guidelines explicitly stating that the voter registry, to which the parties have access, is meant solely for maintaining contact with potential voters, and it is forbidden to use people’s personal information without their permission. Nevertheless, the parties using these apps flout these guidelines and continue to use voter data for other ends as well as instructing supporters to add more information. 

The Elector app provides parties access to the huge database of eligible voters – 6.5 million Israelis. This in and of itself is still legal; every party is also permitted to augment the data to help their voter turnout efforts. 

However, a review of the actual Elector app and the way it is used by Likud shows that beyond the security risk its poses, they violate privacy rules.

>> Read Haaretz's Editorial: Dear Israeli Voters, Your Info Is Vulnerable

Elector's "privacy" screen. Despite the promise of privacy, the party has no way to make sure personal details of voters are not transferred without their consentCredit: Screen capture

Users who download the app are prompted with a “privacy protection” screen. There, they  are asked to affirm that the information provided is solely for the purpose of the election, and users are required to commit to not using the data in different contexts. They also need to agree that any additional information collected requires the express agreement of the voter in order to be included in the database. How does the party check these conditions are actually met? There is no answer to this question.

Elector will upload you contact list into the systemCredit: Screen capture

At the next stage, the user is welcomed and assigned the rank of “private,” and is told that they can climb the ranks by adding more names of party supporters. The supporters can be entered manually, or by giving the app access to the user’s contacts, which are then cross-checked with the voter registry. This already gives the app additional information about how the contact is referred to by his friends or relatives, potentially confirming their name and enriching the database - without direct consent. After the contact list has been uploaded, the names will appear on the screen and the user can mark whether they are Likud supporters or not - again, without their consent.

Elector. When searching for the head of the Shin Bet, the app gives an error messageCredit: Screen capture

We tried to search for the name of the head of the Shin Bet, Nadav Argaman, to see if the information about one of Israel’s most senior security figures can be accessed. The app returned an error and we learned that if users try to search for too many public figures like security officials or judges, they will be thrown out of the app and blocked.

Who are Israel's Mizrahi voters and why can't the left win their votes? LISTEN to Election Overdose

Subscribe
0:00
-- : --

The home screen allows users to update info about their contacts. This will become relevant on Election Day, as each user can update who among his entries has already voted. This helps party activists to focus only on those who haven’t yet voted.

The parties do not explain to their activists the ramifications of adding information about someone without their consent, and most users don’t think there may be a problem entering information into a database that presumably will not be erased after the election and will remain in the party’s possession forever. 

Several attempts are being made to fight this phenomenon. For example, Privacy Israel, a nonprofit organization, has sent a letter to the Privacy Protection Authority demanding that it act urgently to stop it. But to date, despite small fines, the authority has not taken any significant steps to enforce the law against the political parties. 

Leaks

Privacy is not the only issue. “The information from Elector can be found here. The database contains full information about Likud supporters and potential supporters, and its available to download for free. Enjoy!” This was a comment we received from a user after reporting about Elector, revealing that some of the data provided into the app was already online in what seems like a severe leak.

A screen capture of just one of the leaked spreadsheets

The link provided by the commenter led to the Elector database that had been leaked in February 2020, just before last year’s election. 

A preliminary examination of the information found a database containing dozens of Excel sheets connected to the voter registry. Alongside the voter’s identity number, there spreadsheets included full addresses, the number of the polling station voters are affiliated with as well as the address of the station. 

This database can be linked to Likud because one of the Excel files contain details about leading activists. 

The database contains five different types of files. The first type is information about entire cities and all the eligible voters in them. All told it contains raw information about around a million citizen.

The second type is a file of activists. The database lists 13,823 people who downloaded Elector and used it to provide information about other people who could be potential supporters. The file contains the activists’ phone numbers and the number of supporters they had provided.

The third type is several files of supporters, whose names were submitted by Elector activists through the app. In one such file there is a list of 16,000 people from all over the country who are marked as supporters. The fourth type is files of potential supporters, divided by city, with their ID and phone numbers. 

The fifth type of file was the most unusual – 10 different files of citizens which seem to be of Ethiopian descent. For example, one file was a list of 213 citizens with the last name Mengisto, which is a common name associated with members of the community. Another file had 717 citizens with the last name Tekala, and another file listed 614 people whose last name was Ababa. 

Another app, another leak

Canvaseer. A developer reviewed the app for Haaretz and said it leaves voter info exposed online and lacks even basic password protection for data

Meanwhile, an app that is serving the New Hope party headed by Gideon Sa’ar is also taking the details of activists’ contacts and violating the privacy of those people, who did not give their consent to the move. This illegal database, which includes peoples’ personal details, was exposed online for around a week. 

New Hope’s database is being built by an app called Canvaseer. When the app is installed, the user – the party activist – allows it to upload all his or her contacts.

After installation, the activist can classify their contacts in a manner similar to Tinder: Swipe right for a supporter, swipe left for an opponent. A contact deemed likely to vote for Sa’ar will get a green thumb’s up, while someone who definitely won’t get a red thumb’s down. 

A screen capture of one of the leaked spreadsheets containing Israeli voter data

Canvasser is similar to Elector. The party hopes to use the app for two different ends: First, to augment the voter data supplied to all parties, and secondly to provide a “get-out-the-vote” system for election day itself.

Among the data that was leaked was names, credit card numbers and phone numbers. Among those whose information was well-known Israelis, including a famous newscaster who is married to the party leader.

“Full names with their real phone numbers are not information that should be easily available,” an app developer that reviewed the program for Haaretz said. “What we are seeing here is simply illegal. It’s just scary to realize people don't understand the risks of what they are doing. Naively they are giving a political party information about people they know - but there is no protection of the data, the spreadsheet is not encrypted with a password and anyone with a very simple code can extract the data and store it somewhere else. This is a very amateurish app - it leaves users contacts exposed.”

Israel’s privacy authority said in response that the issues with Canvaseer are being examined and that it has asked the application to be removed from so-called app stores. It has since been taken offline. The developer, Polyphone, did not respond to comment. 

Sa’ar’s party said in response that the app was selected because it protects users' privacy. “Unlike Elector, [the Canvaseer] system can only send information but not receive it and is thus a unilateral one - it cant take information from the party or other users. Any information transferred must be voluntarily done so by the user and the system does not extract any additional information. The log that was revealed is an interim one used to help activists and it is vetted and cleared of sensitive data when added to the system itself. The New Hope party follows the most strident privacy and information security rules. 

Comments