Netanyahu’s Party Broke Privacy Law With Election App, Justice Ministry Says

Avigdor Lieberman’s Yisrael Beiteinu and Likud are accused of collecting data on voters through the Elector app without their consent

Send in e-mailSend in e-mail
Likud activists in Tel Aviv on Election day, March 2, 2020.
Likud activists in Tel Aviv on Election day, March 2, 2020. Credit: Ofer Vaknin

Prime Minister Benjamin Netanyahu's Likud party broke privacy laws by using an election app that allowed them to collect data on voters during last March’s election, the Privacy Protection Authority announced Wednesday.

The authority, which is part of the Justice Ministry, cited both Likud and Avigdor Lieberman’s Yisrael Beiteinu party for illegally collecting data on voters through the Elector app. 

Will ultra-Orthodox rioting move the needle on Israel's March 23rd election? LISTEN

Subscribe
0:00
-- : --

The parties as well as the company behind the app will likely face fines in the tens of thousands of shekels, as some information was leaked online due to security flaws in the program.

All of Israel’s political parties receive personal details of voters before the elections and commit to protecting their privacy, as well as not to reproduce the registry, not to provide it to a third party, and to permanently erase all the information once the election is over. Likud uploaded this information to the Elector app, including voters’ full names, ID numbers, genders and addresses, and in some instances included telephone numbers and other personal details. Yisrael Beiteinu, as well as the ultra-Orthodox Shas party, also used the app ahead of the March election.

According to information obtained by Haaretz, a vulnerability in the application allowed for anyone to easily download the entire voter registry – and all the information it contains. In September, the Privacy Protection Authority launched an investigation into the app and its use by the parties. 

Haaretz reported the intention of authority to fine Likud and Elector. However, the authority’s decision on Wednesday sets a precedent because never before has a political party been fined for a voter registry information leak. The authority's investigation focused on breach of the Privacy Protection Law and the Election Law, which holds political parties responsible for protecting the confidentiality of the voter registries transferred to them by the Interior Ministry. 

The leak exposed by Haaretz revealed that the data of 6.5 million Israelis, including their names, phone numbers, ID numbers, addresses and even the local polling station they are supposed to vote from could easily be extracted from the application, which was endorsed by Netanyahu who urged his supporters to download it ahead of the election. The app allowed people to fill in additional data about those already in the database - including the political affiliations of family members - without their knowledge or consent. 

In an interview to Haaretz, the Elector app’s developer admitted that there was at least one instance in which data was leaked by one of the parties who had access to its database. He said he filed a complaint with the police and the privacy authority in response.

On Wednesday, the authority sent a letter to the directors-general of both parties. The letter also detailed their past responses to the claims: Likud, for example, in a November hearing, blamed the leak on Elector and said it was not legally responsible for any breach of privacy laws. In the letter, the authority rejected that claim and said the law holds the parties responsible for the fate of the data shared with them. 

The authority stressed that Likud used Elector to collect additional data on voters without their knowledge by allowing other people to download the app and augment the existing database.

“Regarding the use of the Elector app, there is an explicit ban on the use of personal data in instances in which the people in question did not formally consent,” the letter to the parties said. “The goals for which this data was collected - or even who it was being collected for - were never disclosed,” it added, noting that Likud actually transferred this information into their own databases.

The letter is a clear message to all of Israel’s political parties that collecting data on voters through such apps is illegal as the country heads for a fourth election in two years.

Likud did not respond to the news. Yisrael Beiteinu said the party “bought limited technical services from Elector and made no use of the app the company developed.”

The party also said that “the leak in question did not come from Yisrael Beiteinu or from its data. No sensitive personal data was collected by Yisrael Beiteinu and none certainly leaked.” The party vowed it has cut its ties with Elector and said it was “taking serious steps to address privacy concerns.”

Elector said that as soon as the authority informed them about the leak they worked to fix it and “after that Israel’s cyber authority also checked the system and found no further security weaknesses. Elector will study the findings and work to address any issue, as it has done up until now.”

Comments