The Israeli government is planning a new massive database to collect the data of all those leaving and arriving in Israel. The memorandum regarding the planned legislation was published last week and the public has until the end of April to file objections to the controversial database.
Legal and cyber experts are already voicing criticism of the plan, which they say will infringe on citizens’ privacy rights, pose a real security threat and will be hard to regulate and oversee.
The database is of all passengers entering and leaving Israel, and will include data from both Israelis and foreign nationals. It will include the information from all airlines about all their passengers ordering flights to and from Israel, and the names, addresses, phone numbers, email addresses, credit card numbers, passport details, check in information and the departure points and destinations of the flights – among other things – for all those traveling to and from Israel.
Lawyers and experts in the cyber and privacy sectors fear the database could leak out and be obtained by criminal and terrorist elements – as well as the possibility of being used irresponsibly by law enforcement bodies and inadequate oversight of the data. The Justice Ministry said the proposed law is needed, and international regulations require Israel to collect such information. They say such a database is already practice all over the world – including in the United States, European Union, United Kingdom, Australia and New Zealand.
“International standards have been created and an obligation has been imposed on countries to collect such data. The way information is collected and used, and the norms of data transfer between countries have taken hold and turned into standards,” the draft version of the bill says.
Visas and info leaks
Though it may be hard to discern from the wording of the bill, the real motivation behind establishing the database may have less to do with international standards, and more to do with negotiations with the U.S. over Israel entering the Visa Waiver Program. This would allow Israelis to enter the U.S. without having to obtain a visa beforehand. In October 2021, Israel and the U.S. signed an agreement on information sharing, another step on the road to the visa waiver for Israelis.
- Forget Iron Dome: Ukraine Wants Israel’s Pegasus to Fight Putin
- AI vs Dog Poop: ‘Black Mirror’ in Israel as Town Eyes Auto-enforcement
- Israel to Fast-track Ukrainian Tech Workers’ Visas
Authorities in the U.S. requested access to information on whether Israelis wanting to enter America had been convicted of serious crimes. The two sides agreed that each country could submit 1,000 such requests a year concerning people who requested visas.
The Justice Ministry’s proposed law does not mention whether the new passenger database is intended to advance the American visa waiver program, but among the authorities who will have access to this information is the Population, Immigration and Border Authority, which could send information on Israeli citizens to U.S. authorities and possibly then exempt them from having to obtain a visa.
The example of access by the American government to the data on Israeli citizens is only one of the reasons that many Israeli cyber experts consider the establishment of the database as a step too far in sharing information.
“I don’t know of any database that hasn’t leaked,” said Prof. Eli Biham, the head of the cyber security research center and former dean of the computer science department at the Technion – Israel Institute of Technology. “The Population Registry database is completely exposed, and National Insurance Institute data leak out all the time. It even has a price tag in the market – 500 shekels ($155) per record.
“Moreover, police officers use this information for their own good, and they check information about the legal situation of their daughters’ boyfriends, for example. It’s already happened a few times in the past,” said Biham.
The ministry writes in the draft of the bill that the country needs such a database to strengthen its ability to fight criminal and terrorist groups, as well as receiving information during a pandemic, such as the coronavirus. They say the database would allow monitoring those who could be carrying dangerous diseases, for example. The information will alos be accessible to government bodies such as the Israel Tax Authority, Population and Immigration Authority, health and transportation ministries. It would also allow the exchange of such information within them and between Israel and other countries – and with international organizations.
The government is trying to collect all the information on us so it will be easier to fight terrorism, said Biham. “But there is also a limitto this logic – for what reason do they need my credit card [information] if they don’t want to use it? Why do they need my email and all the details beyond what they already have?”
Data is cash
The opposition to the new database is similar to those against the Biometric Database Law. It was said about that database too that it threatens the security of Israelis, and when it was approved, fears were raised that the information in it would also leak to terrorist and criminal groups who would misuse the information – or it would be used by law enforcement authorities to incriminate people.
Jonathan Klinger, an attorney who is the legal counsel for the Digital Rights Movement, said that the reason this database was established is not clear, and the numerous bodies that have access to it is worrying: “They are once again establishing an unneeded database in the name of the fight against terrorism. When you look at this law, the first question is who is it supposed to serve: The security services, the Health Ministry or the Population Authority? If the database serves so many purposes, it means one thing: This database has no purpose.”
“From the minute such a database is established, everyone will want access to it,״ said Klinger. He gave the example of the law on communications data that allows finding the location of a telephone call.
“If there was a suspicion of serious crimes, then law enforcement authorities such as the police and Military Police investigators have the authority to use the data. The minute that other authorities start taking a ride on the law – for example the Israel Nature and Parks Authority, which asked to receive the data to find out who was lighting campfires illegally – it begins to enter the realm of the absurd. For this database, many bodies have already received access, and it will be hard to control all of them. You need to understand: The database will have passport numbers and credit card numbers – it’s a database that’s worth money, its sales potential is enormous.”
Biham said the government already has a large number of databases, and the information it wants to receive now is not needed to operate appropriately. “We see in Israel a broad phenomenon of data collection: There are speed cameras, cellular [phone] location data. The state knows where we visited on the internet, and it also has a biometric database. The government explains that it will help the war against terror, but we cannot allow ourselves to become a dictatorship. The state does not have the moral right to collect unnecessary data. It needs to collect the minimum needed to run the country, and to determine that I exist and I’m a citizen – but not beyond that,” said Biham.
“The state does not need to follow me or know where I am. It certainly does not need to know my credit card number or to check when I flew and where I’m flying to. It doesn’t need all this data. It’s the sort of information reserved only for emergency situations, in which there is a material suspicion, and there is a reason that they are provided only with a judge’s approval. I don’t think that we need to give the state my data as a gift,” added Biham.
"Israel continues to look for the easy way to deal with problems,” said Doron Ofek, the cyber expert active in the Digital Rights Movement. “Unfortunately, at the technological level, they again and again choose the solution that is easy to implement, but could irreversibly harm citizens. The more the state expands the use of intrusive databases, so will the opposition to them grow on the part of the public. The public understands the risks embodied in establishing such intrusive databases, and I’m sorry to say the various branches of the government have still not internalized this.”
The issue came up for debate seven years ago, when it was raised as part of the need to fight terrorist groups such as ISIS and al-Qaeda. Teams of government professional staff were established to advance the matter, but the implementation was delayed. When the coronavirus pandemic broke out in 2020, and information was needed on passengers entering Israel to monitor the spread of the virus, the issue was promoted even more forcefully by an inter-ministerial group headed by the Justice Ministry, which examined the need to establish the new database. The draft version of the proposed law was released last Wednesday for public comments by the ministry, and objections can be submitted until April 20.