The Tools
Surveillance and Spyware Systems Operated by the Israeli Authorities
The surveillance systems employed by the Israeli authorities – the police, the Shin Bet and the army – are characterized by their ability to store a large amount of personal information on many people, most of whom are not suspected of anything. The systems combine technologies such as spyware, automatic license plate recognition, facial recognition, information collected from cellular companies, and other sources and use them to create huge databases of information. Their implementation is often "under the radar,” and lacks transparency, public debate, or legislative regulations, and citizens learn of their existence long after they have begun to be used.
Tools and Systems in Use in Israel
The "Hawk-Eye" System
The "Hawk-Eye" system enables the police to track a vehicle’s movement throughout the country by automatically photographing and deciphering the vehicle's license plate and photographing the vehicle's occupants. It is a system that creates a large, precedent-setting database of all citizens' vehicular movements. This information is stored for future use, and enables the continuous and prolonged real-time monitoring of vehicles by including them in a list for real-time alerts.
The law regulating the use of this system does not impose any significant limit on the number and types of police cameras that can be installed; it permits information from the cameras to be stored for an extended period of up to two years; and allows police officers to easily access the information, without a court order or any external supervision. Taken together, this results in an enormous violation of the right to privacy and the right to liberty of innocent citizens who are not suspected of anything. The sweeping collection of sensitive information also has a chilling effect on the public’s willingness to exercise other rights (such as freedom of expression and demonstration), since citizens know that they may be under surveillance at any given moment. The police refuse to publish their procedures for using the system, and ACRI's petition against the amendment is pending.
For more information: Petitions from the Association for Civil Rights in Israel against the use of the system | 2021 onwards (Heb)
Police Photography at Demonstrations
In recent years, there has been a significant increase in the use of photography by police during demonstrations: both in the variety of photographic devices used, and the extent to which they are used. The police routinely document demonstrators using officers' personal smartphones. Police have also used video, still photography, drones, and other means to document protests, and footage is often taken very close to demonstrators' faces. The records are then able to be stored in a database. A policy regulating photography at demonstrations expired in September 2020; since then, there have been no clear rules and regulations regarding when and how demonstrators can be photographed, how and when photos must be stored and deleted, who can access the material, and how to protect the privacy of individuals who appear in the photographs. Instead, each police station operates as it sees fit.
For more information about this issue from 2022 onwards | see the Association for Civil Rights in Israel’s website
Facial Recognition
Investigations by the Washington Post and a report from Amnesty International have exposed the extensive use of facial recognition by the military and police in the West Bank and East Jerusalem. Without notifying locals, cameras have been installed at the crossings and checkpoints where Palestinian residents of Hebron pass.
Soldiers also use mobile phones to take pictures of passersby and enter the photos into a biometric image database using a system called "Blue Wolf." According to reports, competitions were held among the teams of soldiers sent to film, and those who photographed the most Palestinians won. Blue Wolf is one of a series of systems known as "Wolf Pack," a mass surveillance database to monitor the movements of Palestinians in the West Bank.
For more information: Washington Post article | 2021
Freedom of Information petition filed by Association for Civil Rights in Israel (ACRI) | 2021 (Heb)
Article in Haaretz | 2023 (Heb)
Amnesty Report on the Use of Facial Recognition Systems in the Occupied Territories
Random Searches of Mobile Phones
Information received by the ACRI indicates that soldiers in the West Bank conduct random searches of Palestinians’ mobile phones, including those of minors, without legal authorization or cause for suspicion. These searches are carried out on the street, at checkpoints, and during home searches. Sometimes the practice is accompanied by the erasure of files from the devices, especially those that document violence carried out by soldiers. In other cases, Palestinians reported that soldiers mocked photos or messages that they found on the phones.
For more information: Association for Civil Rights in Israel’s appeal to the military | 2024 (Heb)
Tools and Systems in Use in the Occupied Territories
Pegasus/Saifan Spyware
In January 2022, the media revealed that the police were using NSO Group's Pegasus spyware to hack into citizens' phones. Subsequently, the team appointed to investigate the issue (the Marari Team) announced that the police had actually been using Pegasus spyware since 2016 under the name "Saifan,” as well as an unspecified "additional system.” As described in the Technologies section of this website, spyware allows for remote access to all data and applications on a phone, and even allows for the possibility of controlling it remotely and impersonating the device owner.
In response to this revelation about the use of spyware, the police claimed that it was carried out in accordance with the wiretapping law and with the approval of the Ministry of Justice. However, the Marari Team found that police use of the system was excessive and went beyond what is permitted by law. It believed that there is an urgent need for a comprehensive legislative amendment to the wiretapping law in order to regulate the use of the system, but refrained from requiring that such legislation be passed. The Attorney General adopted the team's conclusions. Following instructions from the Attorney General, the police suspended the use of the system. However, despite the recommendations, no legislation has been advanced.
To the best of our knowledge, the police have not yet been allowed to use spyware again. Nonetheless, it appears that various actions are being taken together with the Ministry of Justice to restore the use of spyware via an inventive and far-reaching interpretation of the wiretapping law, and without establishing sufficient checks and balances for its use.
For more information:
Petition from the Association for Civil Rights in Israel to legislate the use of spyware | 2023 (Heb)
ACRI’s inquiries regarding the use of Pegasus | 2022 (Heb)
Marari Report examining the use of spyware by the police | 2022 (Heb)
Predictive Policing at the Airport
In November 2022, it was revealed in the media that the police were operating an AI-based crime prediction system at Ben Gurion Airport in order to locate, detain, and search drug-trafficking suspects. According to the report, the system analyzes data fed to it from various databases and based on the profile it creates, it determines whether or not to include a person’s name on a list of those to be detained for potential drug trafficking. When a citizen on the list lands at the airport, he or she will be detained and searched.
The police, backed by the Ministry of Justice, put this system into use secretly, without any public discussion or explicit legal authorization. Moreover, criminal proceedings against drug smuggling suspects identified through the system were held behind closed doors so that the system would remain secret, which further prevented public debate about the system and its legality. In response to a petition filed by the Association for Civil Rights in Israel, the State announced in August 2024 that it had ceased using the system in April 2022 due to operational considerations by the police, and that there was no intention to reactivate the system.
For more information: ACRI's petition against the use of the system | 2024 (Heb)
Shin Bet Communications Database and “The Tool”
Section 11 of the Shin Bet Law authorizes the Prime Minister to instruct that "types of information" found in communications companies that the Shin Bet requires must be transferred to the Shin Bet. The Shin Bet has interpreted the clause very broadly, as enabling them to continuously collect sweeping communications data from all citizens and residents and to store the data in a huge database. Once all sensitive information, including location data and traffic data, is in the database, it is able to be processed and searched by Shin Bet employees without a judicial order. Using a system known as “the tool," Shin Bet employees can mine information from the database, process it, and generate intelligence information about any citizen and resident. Permits for these searches are granted routinely and extensively, and Shin Bet employees can access the database and search it whenever they want on the basis of a general, rather than individual, permit.
This is a powerful means of mass surveillance, about which the public knows very little. The use of the database for contact tracing during the Coronavirus pandemic revealed that the database includes the communications data of all citizens in the country, and is not limited to suspects of crimes or intelligence targets. Because of this broad collection, the Shin Bet was quickly able to locate Coronavirus patients and their close contacts with other innocent civilians that had taken place two weeks earlier. Again, this is not data being collected about criminal suspects, but a regular, expansive, and ongoing transfer of all the data held by communications companies, which allows for constant, large-scale, and intrusive surveillance of Israeli citizens and residents.
For more information: ACRI's petition regarding the Shin Bet database | from 2022 (Heb)
Pegasus Spyware
In November 2021, various media outlets reported that the phones of six Palestinian human rights activists and a civil society organization in the occupied territories had been breached using Pegasus spyware belonging to the Israeli company NSO. Three of the six operatives in whose phones the software was discovered worked in organizations declared by the Defense Minister to be terrorist organizations – a declaration that was made based on confidential materials without presenting evidence, and that had been widely condemned in Israel and around the world. As detailed in the Technologies section of this website, spyware such as Pegasus makes it possible to take control of another person's phone remotely, without their knowledge or consent. This grants access to messages, emails, and photos, allows the user to remotely control components of the phone such as the camera or speaker, and to even send messages from the device. The use of this software against civil society activists working to expose human rights violations is of particular concern.
For more information: Inquiry from the Association for Civil Rights in Israel (ACRI) on the subject | 2022 (Heb)
Almonsk App
During the COVID-19 pandemic, Palestinians working in Israel were required to fill out a health declaration form through the "Almonsk المنسق" app, organized by the Coordinator of Government Activities in the Territories. This demand was, ostensibly, innocent and legitimate, but in order to fill out the form the employee had to download the application on their phone and create a personal account after agreeing to the application’s terms and conditions. These terms and conditions included consenting to grant full access to all information on the phone, including contacts, messages, access to the camera, and geographic location to the Coordinator of Activities in the Territories and the military. Theoretically, the military could make extensive use of the information at its discretion, store it, and even transfer it to third parties. Following appeals to the State Attorney's Office, including those from the Association for Civil Rights in Israel, Physicians for Human Rights, and Kav LaOved, the terms of use of the application were changed in a way that limited access to users’ information.
For more information: The organizations' appeal to the State Attorney's Office | 2020 (Heb)
Existing and Future Legislation to Regulate Surveillance Technology
Communications Data Law
The Criminal Procedure Law (Powers of Enforcement – Communications Data), 5768-2007 came into force at the end of June 2008. This law allows the police and other investigative authorities in Israel to obtain information defined as "communications data" from cellular companies and internet service providers. This is sensitive personal information collected about any person: information about a person's location, the names of the people or organizations that were called using the phone, email correspondence, and more.
In 2008, the Association for Civil Rights in Israel petitioned the Israeli Supreme Court to restrict the law's applicability. In its 2012 ruling, the Supreme Court determined that the law should be narrowly interpreted, stating that the collection of information would be limited to circumstances when there are concrete investigations of specific offenses, and cannot include collecting intelligence information or broadly attempting to prevent offenses. However, there is still a concern about expanding the use of this data and about using the law for "reverse tracking:" identifying anyone located at a suspected crime scene, which could result in many civilians becoming suspects.
Legal Status
A joint position paper by the Association for Civil Rights in Israel and Breaking the Silence analyzes to what extent the protection of the right to privacy is appropriate in an area under a belligerent occupation. An examination of the standard framework applicable in the occupied territories leads to the conclusion that Israel has an obligation to respect the right to privacy of West Bank residents. This obligation is enshrined in occupation law, human rights law, and Israeli law.
Special Photography Systems Law ("Tracking Law")
In January 2024, an amendment to the Police Ordinance came into effect that regulates the use of photography-based tracking systems by the police, and retroactively legalizes the use of the "Hawk-Eye" system. This law allows for the continuous and prolonged monitoring of the movements of specific vehicles by including them on a list for real-time alerts. It does not impose a real limit on the number and types of police cameras that can be installed. Moreover, in a manner that is precedent-setting, it also allows the police to store all the information from the cameras for an extended period of up to two years. This database includes sensitive location data for every citizen traveling in a vehicle, and the law allows easy access to that information by any police officer, without a judicial order and without external supervision.
Taken together, this system is a major violation of the right to privacy and the right to liberty, including the rights of innocent citizens who are not suspected of anything. The law also has a chilling effect on the willingness to exercise other rights (such as freedom of expression and demonstration), because citizens know that at any given moment they may be under surveillance. The police refuse to publish their procedures for using the system.
The Shin Bet Law and Shin Bet Law Memorandum
On December 11, 2023, a comprehensive law memorandum was published to amend the Shin Bet Law, the first amendment to the law since it was originally passed by the Knesset at the turn of the 21st century. The memorandum is a response, among other things, to two petitions by the Association for Civil Rights in Israel alleging that the Shin Bet operates spyware and collects communications data without the legal authority to do so. However, instead of tightening supervision of the advanced surveillance tools available to the Shin Bet, it appears that the memorandum is intended primarily as a way to grant the Shin Bet increasingly sophisticated powers and espionage tools, and it does not adequately protect the rights of citizens. For example, the memorandum proposes giving the Shin Bet the authority to conduct covert searches of mobile phones using spyware, and even to delete or disrupt content on the phone without the need for a judicial order, as long as the Prime Minister–a political figure–or the head of the Shin Bet approves. Giving the Shin Bet the authority to infiltrate phones without any external supervision is an invitation to spy on civilians, and may be used to spy on dissidents, journalists, opposition members, and even to incriminate innocent people—all under the pretext of state security.
The memorandum also ignores the trend in democratic countries to increase external supervision of security agencies operating sophisticated surveillance systems, and is a continuation of the thinking that existed when the law was originally enacted. In an era of polarization, when appointments are politicized and the power of legal advisers has been weakened and, simultaneously, surveillance tools are infinitely more powerful than they had been in the past, it is extremely problematic to allow the Shin Bet to continue operating without transparency and without effective external supervision.
For more information:
ACRI's comments on the bill (Heb)
The Society's Petition on the Use of Spyware (Heb)
ACRI's Petition Regarding the Shin Bet Database (Heb)