To track coronavirus, Israel moves to tap secret trove of cellphone data

Prime Minister Benjamin Netanyahu of Israel has authorised the country’s internal security agency to tap into a vast and previously undisclosed trove of cellphone data to retrace the movements of people who have contracted the coronavirus and identify others who should be quarantined because their paths crossed.

David M Halbfinger, Isabel Kershner and Ronen BergmanThe New York Times
Published : 17 March 2020, 09:14 AM
Updated : 17 March 2020, 09:14 AM

The unprecedented move to use data secretly gathered to combat terrorism for public health efforts was authorised Sunday by Netanyahu’s holdover Cabinet. It must still be approved by Parliament’s Secret Services Subcommittee.

The subcommittee met Monday afternoon but ended its discussions after 4pm — when a new Parliament was to be sworn in — without holding a vote, essentially stopping the approval process.

The existence of the data trove and the legislative framework under which it is amassed and used have not previously been reported. The plan to apply it to fighting the virus, alluded to only vaguely by Netanyahu, has not yet been debated by lawmakers or revealed to the public.

The idea is to sift through geolocation data routinely collected from Israeli cellphone providers about millions of their customers in Israel and the West Bank, find people who came into close contact with known virus carriers and send them text messages directing them to isolate themselves immediately.

Disclosure of the plan raised alarms among privacy advocates and among critics of Netanyahu, who is simultaneously battling to retain power after those seeking his ouster won a majority in elections Mar 2, and imposing increasingly authoritarian measures in response to the crisis. His justice minister Sunday severely curtailed the courts, a move that was followed hours later by the postponement of Netanyahu’s criminal trial on bribery and corruption charges, which had been scheduled to begin Tuesday.

In addition to the location-tracking effort, Netanyahu’s caretaker government Sunday authorised prison sentences of up to six months for anyone breaching isolation orders; barring visitors, including lawyers, from prison and detention facilities and allowing the police to break up gatherings — as of now, more than 10 people — by means including “the use of reasonable force.”

It is the existence of the cellphone metadata trove and its use to track coronavirus patients and carriers that privacy advocates say poses the greatest test of Israeli democracy at an extraordinarily fragile moment.

Malkiel Blass, who was a deputy attorney general from 2004 to 2012, said that because of the dissolution of Parliament in December, Netanyahu’s Cabinet had been operating without legislative oversight for too long.

“Even in crises of this nature, the core of civil rights in a democracy must be preserved,” Blass said in an interview. “I understand that infection and contagion and the spread of the virus must be prevented, but it is inconceivable that because of the panic, civil rights should be trampled without restraint, at levels that are totally disproportionate to the threat and the problem.”

Anticipating such criticism, officials insisted that the use of cellphone data by the Internal Security Agency — known by its Hebrew acronym, Shin Bet — would be scrupulously circumscribed.

“The use of advanced Shin Bet technologies is intended for one purpose only: saving lives,” said a senior security official, who insisted on anonymity to discuss such a sensitive matter. “In this way, the spread of the virus in Israel can be narrowed, quickly and efficiently. This is a focused, time-limited and limited activity that is monitored by the government, the attorney general and the Knesset’s regulatory mechanisms.”

If the virus is putting Israel’s democratic norms to the test, the lack of a broader immediate outcry suggested that people may be fairly tolerant.

“Like in every country, there are things that happen secretly, and that’s a good thing so long as there is oversight,” said Ran Sa’ar, chief executive of Maccabi Health Services, Israel’s second-largest health fund, with 2.4 million members.

Saying there could be many as-yet-unknown carriers of the virus in Israel, Sa’ar said the country could soon be overwhelmed if it did not identify them before their numbers grow to tens of thousands.

“If we can locate them, it will help,” he said.

The Shin Bet has been quietly but routinely collecting cellphone metadata since at least 2002, officials confirmed. It has never disclosed details about what information it collects, how that data is safeguarded, whether or when any of it is destroyed or deleted, who has access to it and under what conditions, or how it is used.

Two laws and a number of secret regulations and administrative orders govern the data-collection effort and its use by the Shin Bet, officials said.

The Telecommunications Law, amended in 1995 with the advent of widespread cellular networks, gives the prime minister broad powers to order carriers to allow access to their facilities and databases “as necessary to perform the functions of the security forces or to exercise their powers.”

Article 11 of the Israeli Security Agency Law, enacted in 2002, lets the prime minister determine what sort of information about cellphone subscribers “is required by the service to fulfill its purpose,” and declares that the companies must “transfer information of these types” to the Shin Bet.

Under that law, it is up to the head of the Shin Bet to determine how cellphone data is used. While the law authorises its use for only six months, the Shin Bet director may reauthorise it. The director is required to report to the attorney general every three months and to the Knesset’s Secret Services Subcommittee yearly.

Since 2002, a former senior Justice Ministry official said, prime ministers have required cellphone companies to transfer to the agency a vast range of metadata about their subscribers. The official refused to say what categories of data were being provided or withheld, but metadata includes the identity of each subscriber, recipients or initiators of each call, payments made on the account, as well as geolocation information collected when phones communicate with cellular transmission towers.

Using cellphone data to combat the coronavirus requires government approval because the Security Agency Law limits the Shin Bet’s role to protecting Israel “against threats of terror, sabotage, subversion, espionage and exposure of state secrets.” It is permitted to act in other ways “vital to national security” but only with the approval of the cabinet and the Secret Services Subcommittee.

Ami Ayalon, Shin Bet’s chief from 1995 to 2000 and a former Labor party lawmaker, called the clause allowing the agency’s mission to be expanded “very problematic.”

“The question of whether it is justified is a dilemma that falls exactly in that crack between democracy and national security,” Ayalon said.

Still, he said, “Liberal democracy is violated by all sorts of battles.”

Contrary to some Israeli reports, there is no plan to hack into Israeli citizens’ cellphones. But experts said that was simply unnecessary because the government already receives, as a matter of course, enough data from cellphone carriers to monitor the whereabouts of nearly anyone.

© 2020 The New York Times Company

Toufique Imrose Khalidi
Editor-in-Chief and Publisher