Tuesday, March 17, 2020

To Track Coronavirus, Israel Moves to Tap Secret Trove of Cellphone Data

David M. Halbfinger, Isabel Kershner and Ronen Bergman




a group of people standing in front of a building: A market in Tel Aviv on Sunday. The Israeli government is escalating efforts to contain the spread of the new coronavirus. 4 SLIDES 

© Corinna Kern/Reuters

JERUSALEM — Prime Minister Benjamin Netanyahu of Israel has authorized the country’s internal security agency to tap into a vast and previously undisclosed trove of cellphone data to retrace the movements of people who have contracted the coronavirus and identify others who should be quarantined because their paths crossed.

The unprecedented move to use data secretly gathered to combat terrorism for public health efforts was debated for hours on Sunday by Mr. Netanyahu’s holdover cabinet.

It was supposed to be approved by Parliament’s Secret Services Subcommittee on Monday but the subcommittee ended its discussions after 4 p.m. — when a new Parliament was sworn in — without holding a vote.

Mr. Netanyahu then said the government would approve emergency regulations on Monday night that would allow for the use of the data for a limited period of 30 days, with the permission of the attorney general.

“Israel is a democracy,” Mr. Netanyahu said. “We have to maintain the balance between the rights of the individual and needs of general society, and we are doing that.”

The existence of the data trove and the legislative framework under which it is amassed and used have not previously been reported. The plan to apply it to fighting the virus, alluded to only vaguely by Mr. Netanyahu, has not yet been debated by lawmakers or revealed to the public.

The idea is to sift through geolocation data routinely collected from Israeli cellphone providers about millions of their customers in Israel and the West Bank, find people who came into close contact with known virus carriers, and send them text messages directing them to isolate themselves immediately.

Disclosure of the plan raised alarms among privacy advocates and among critics of Mr. Netanyahu, who is simultaneously battling to retain power after those seeking his ouster won a majority in elections March 2, and imposing increasingly authoritarian measures in response to the crisis. His justice minister on Sunday severely curtailed the courts, a move that was followed hours later by the postponement of Mr. Netanyahu’s criminal trial on bribery and corruption charges, which had been scheduled to begin on Tuesday.

In addition to the location-tracking effort, Mr. Netanyahu’s caretaker government on Sunday authorized prison sentences of up to six months for anyone breaching isolation orders; barring visitors, including lawyers, from prison and detention facilities and allowing the police to break up gatherings — as of now, more than 10 people — by means including “the use of reasonable force.”

It is the existence of the cellphone metadata trove and its use to track coronavirus patients and carriers that privacy advocates say poses the greatest test of Israeli democracy at an extraordinarily fragile moment.

Malkiel Blass, who was a deputy attorney general from 2004 to 2012, said that because of the dissolution of Parliament in December, Mr. Netanyahu’s cabinet had been operating without legislative oversight for too long.

“Even in crises of this nature, the core of civil rights in a democracy must be preserved,” Mr. Blass said in an interview. “I understand that infection and contagion and the spread of the virus must be prevented, but it is inconceivable that because of the panic, civil rights should be trampled without restraint, at levels that are totally disproportionate to the threat and the problem.”

Anticipating such criticism, officials insisted that the use of cellphone data by the Internal Security Agency — known by its Hebrew acronym, Shin Bet — would be scrupulously circumscribed.

“The use of advanced Shin Bet technologies is intended for one purpose only: saving lives,” said a senior security official, who insisted on anonymity to discuss such a sensitive matter. “In this way, the spread of the virus in Israel can be narrowed, quickly and efficiently. This is a focused, time-limited and limited activity that is monitored by the government, the attorney general and the Knesset’s regulatory mechanisms.”

If the virus is putting Israel’s democratic norms to the test, the lack of a broader immediate outcry suggested that people may be fairly tolerant.

“Like in every country, there are things that happen secretly, and that’s a good thing so long as there is oversight,” said Ran Sa’ar, chief executive of Maccabi Health Services, Israel’s second-largest health fund, with 2.4 million members.

Saying there could be many as-yet-unknown carriers of the virus in Israel, Mr. Sa’ar said the country could soon be overwhelmed if it did not identify them before their numbers grow to tens of thousands. “If we can locate them, it will help,” he said.

The Shin Bet has been quietly but routinely collecting cellphone metadata since at least 2002, officials confirmed. It has never disclosed details about what information it collects, how that data is safeguarded, whether or when any of it is destroyed or deleted, who has access to it and under what conditions, or how it is used.

Two laws and a number of secret regulations and administrative orders govern the data-collection effort and its use by the Shin Bet, officials said.

The Telecommunications Law, amended in 1995 with the advent of widespread cellular networks, gives the prime minister broad powers to order carriers to allow access to their facilities and databases “as necessary to perform the functions of the security forces or to exercise their powers.”


Article 11 of the Israeli Security Agency Law, enacted in 2002, lets the prime minister determine what sort of information about cellphone subscribers “is required by the service to fulfill its purpose,” and declares that the companies must “transfer information of these types” to the Shin Bet.


A former senior Shin Bet official who was involved in pushing for the 2002 legislation said that the agency had not pushed for Article 11 because officials believed lawmakers would “never allow such a draconian clause to pass.” But lawmakers “didn’t understand what it was about and nobody said anything,” added the former official, who insisted on anonymity to discuss sensitive intelligence issues.

The former official added that after Edward Snowden, a former National Security Agency employee, leaked details about the United States government’s bulk collection of data on American citizens, igniting a furor, “we all laughed, that what the American intelligence community was trying to hide, and what caused such an uproar among the American public, is so clearly written in Israeli law.”

Under that law, it is up to the head of the Shin Bet to determine how cellphone data is used. While the law authorizes its use for only six months, the Shin Bet director may reauthorize it. The director is required to report to the attorney general every three months and to the Knesset’s Secret Services Subcommittee yearly.

Since 2002, a former senior Justice Ministry official said, prime ministers have required cellphone companies to transfer to the agency a vast range of metadata about their subscribers. The official refused to say what categories of data were being provided or withheld, but metadata includes the identity of each subscriber, recipients or initiators of each call, payments made on the account, as well as geolocation information collected when phones communicate with cellular transmission towers.


Using cellphone data to combat the coronavirus requires government approval because the Security Agency Law limits the Shin Bet’s role to protecting Israel “against threats of terror, sabotage, subversion, espionage and exposure of state secrets.” It is permitted to act in other ways “vital to national security” but only with the approval of the cabinet and the Secret Services Subcommittee.


Ami Ayalon, Shin Bet’s chief from 1995 to 2000 and a former Labor party lawmaker, called the clause allowing the agency’s mission to be expanded “very problematic.”

“The question of whether it is justified is a dilemma that falls exactly in that crack between democracy and national security,” Mr. Ayalon said.

Still, he said, “Liberal democracy is violated by all sorts of battles.”

Contrary to some Israeli reports, there is no plan to hack into Israeli citizens’ cellphones. But experts said that was simply unnecessary because the government already receives, as a matter of course, enough data from cellphone carriers to monitor the whereabouts of nearly anyone.

Lior Akerman, a former Shin Bet officer, said the agency was well practiced in distinguishing between appropriate targets — those suspected of harming national security — and innocent civilians.

“In this case,” Mr. Akerman said, “it is not about tracking innocent people or invading their privacy, but using existing technologies to identify and locate sick people and carriers who could infect thousands.”

But Tehilla Shwartz Altshuler, a senior researcher at the Israel Democracy Institute, argued that deploying the Shin Bet, which already has the necessary data in hand, was “easy but dangerous.”

“The problem is it’s a very slippery slope,” she said, arguing that it would be safer to put the police in charge.

“I don’t want to sound like a dissident, but if your right to privacy is important for you, you ought to be worried,” Ms. Altshuler said, adding: “This is not war or an intifada. It’s a civilian event and should be treated like one.”

No comments: