Privacy at war – summary of first webinar
First Webinar: Administrative Aspects
Background
In late 2023, Future of Privacy Forum’s Israel Tech Policy Institute, held two webinars looking into aspects of privacy at wartime.
It appears that as much as many believe it to be an unnecessary luxury in the digital age, privacy is being neglected even more during war time. Like the proverbial muses, it seems that when the cannons roar, privacy is silent.
It is clear that wartime in Israel involves dilemmas and needs that can clash with privacy and data protection. For example, the desire to share videos for commemoration or public relations purposes, or for community-based organizations to deal with emergencies or support certain populations requires obtaining personal information. On the administrative level as well, the challenges we have faced upon the outbreak of the war can be met more efficiently by using data. For example, the need to identify a huge number of corpses within a short time, and cyber-attacks on larger scales than in the past, and with potential critical implications during wartime all create exigent circumstances that may be in tension with data protection.
We have therefore decided to devote some time to several questions that have preoccupied the Israeli public of late. In the first webinar, we focus on the administrative aspects of the dilemmas, and the second webinar is devoted to individual aspects, with emphasis on our personal need for memory and commemoration.
What follows is a summary of the main points. See below for the full conversation and a link to the video (in Hebrew).
The series is facilitated by Adv. Rivki Dvash, a senior fellow in the Israeli Tech Policy Instituter.
Cyber Security Risks
Amit Ashkenazi, adv, law and policy consultant (cyber, ai, data protection), former legal advisor at the Israel National Cyber Directorate and the Israel Privacy Protection Authority.
First’ I’d like to distinguish conceptually between violating an individual’s privacy and privacy in its technological context, which is the subject of this discussion. We’re discussing the principles of using technology in order to avoid privacy violation.
Another relevant and closely related area is information security and cyber defense. This area deals with the way we use technology and information systems. This usage exposes us to risks produced by the technologies. We consume technology differently from the way we consume healthcare, for example, because technology in most cases does not require licensing or pretesting prior to launching, and its defects are often discovered only during use. People with malicious purposes can use these faults to our disadvantage.
With its information security regulations, the consent requirement, the principle of purpose limitation, etc., the Privacy Protection Law tries to minimize the risk.
Two pieces of legislation have recently been promulgated in the cyber area – Temporary Law on Handling Severe Cyberattacks in the Digital and Storage Services Sector (“Iron Swords”), 5774-2023 [hereafter, Cyber Law] and the Authorization Law for Penetrating Computer Material Used for Operating a Stationary Camera (“Iron Swords”), 5774-2023 [hereafter, Camera Law].
Cyber legislation is designed to incentivize service providers to show greater responsibility. This is always required, but in wartime, when cyberattacks also increase, this may be critical. We have seen severe disruption in Ukraine due to cyber warfare and lack of protection.
Here, we are exposed to a complex situation involving cyber defense and national security because unlike physical security in public space, the organization responsible for cyber protection is the one that has installed the technology to begin with, and in fact, if it doesn’t follow the rules, it would be very difficult for any national public administration body to act in its stead. Therefore, we see a trend – worldwide and in Israel – of imposing increasing legal obligations on organizations to deal with cybersecurity, among other thing to prevent harm to third parties.
The working assumption of the Camera Law is that there’s a certain place where a camera is installed, which is hacked, unbeknownst to the owner, or without the owner being able to handle the hack. At the moment, we lack the legal tools to protect ourselves against such an event, which could be critical in an emergency. After October 7, we need to consider the possibility that this could be a preliminary move leading to terrible things.
In this case, the law authorizes the Commander of the Cyber Defense Division to authorize soldiers to handle the failure and risk, without a court order and without being required to notify the camera owner. This is a highly significant precedent in the state’s ability to access private computers. Note that the law is highly restrictive with regard to what may be done after penetrating the computer: no private information can be collected or used.
In the US, the FBI accessed computers remotely in order to address vulnerabilities out of fear for the broad public interest and the understanding that it is impossible to reach out to every victim in order to deal with the bugs. But there, this was done subject to a legal order authorizing the agency to do highly selective actions. the order was granted based on expert opinion, and the FBI was required to notify the computer owners as much as possible.
To conclude, we see the complexity in the need to block cyberattacks and prevent the possibility of misusing poorly installed cameras, and the dilemmas related to the very authorization to perform these actions.
Regarding the Cyber Law, various countries already have regulations in place that apply to suppliers in peacetime as well, because they’re responsible for protecting their customers. Here, we have a preliminary requirement, prior to exercising the authority. The requirement is for a severe cyberattack to take place. A theoretical prediction is not enough.
This begs the question, why do we need protective legislation only after the risk has already materialized? In previous versions of cyber legislation, there was a broader range of tools that also addressed the obligation to prevent risk. For example, we thought of cyber security guidelines and standards to be applied in the customs when importing technological products, or that whoever buys a security camera would be given a form with guidelines on how to change the camera’s password and recommendations for downloads that would make it more secure. In other words, if we want to provide more systematic protection, we don’t have to start with these dramatic legislative tools.
The Immediate Need for Information to Identify the Dead
Adv. Nirit Lahav-Kanizo, Government Authorities Cluster, office of legal counsel and legislative affairs (Criminal Law), Ministry of Justice.
Let me start with a trigger warning: the subject under discussion is not easy to digest. Note also that some of the details have to do with activities of security or intelligence agencies, so I will present the reality as we’ve experienced it subject to these limitations.
On the evening of Saturday 7, the situation was that several hundreds of bodies would have to be identified by the police within a short time, and legislative amendment were required to that end. Beyond the understandable need to identify the bodies for the families, we needed to be very clear on which bodies belonged to terrorists, and how the number and identity of hostages could be estimated, given the need to make strategic and operational decisions about Israel’s political and military response – again, within a tight schedule.
The police routinely identifies bodies and locates John Dos, but the reason it needed immediate legislative amendments was the sheer scope of the events – hundreds of casualties, at a scope completely unknown to date, in an event that also involved hostages taken beyond the border, in wartime.
Already by Saturday evening, we knew we had corpses in highly severe conditions (burnt bodies, mutilated body parts, etc.), and that identification would be very difficult. In the background, there were the very large amounts, and the evacuation difficulties at first, while rockets were still being shot and terrorists still roaming the area. Some of the bodies were collected by civilians and members of the Disaster Victim Identification organization, so that we didn’t always know to pinpoint the body’s original location, thereby helping the police to start identifying it.
The military and security organizations are able to identify their soldiers and employees because they are prepared for these situations, but there is no such preparedness when it comes to civilians.
The emergency regulations that allowed us to cross-reference information from the national Biometric Database were promulgated under the assumption that we may find ourselves facing multiple arenas with similar scenarios.
So what are the amendments we have promoted to meet all these needs?
First, we enabled the Israel Police, the IDF, the ISA (Shabak) and the Mossad to obtain facial photographs and fingerprints from the Ministry of the Interior’s Biometric Database in order to identify bodies and locate missing persons – only for this restricted purpose. When it comes to fingerprints, we have highly advanced technology that can significantly reduce the uncertainty regarding the identity of the deceased within a very short timeframe. Note that the database was not shared in its entirety, nor in parts. The information was received in two configurations: facial photos and fingerprints of the deceased and missing persons, and the transfer of fingerprints of bodies to the [National Biometric Database] Authority, which compared it with the database to obtain identification results regarding each. In other words, we are talking about highly restricted information.
This authority is not new. The option is available also in the current version of the Inclusion of Biometric Means of Identification and Biometric Identification Data in Identity Documents and in an Information Database Law, 5777-2009. The police can also obtain that information from the database by court order for the purpose of identifying and locating missing persons, and the ISA and Mossad can also receive that information for their purposes.
The existing legal provisions could not be activated however, since this required regulations that had not yet been approved. Hence the need for an alternative option. With regard to the IDF, which is not mentioned in the law, this is indeed an innovation, but this is required given the IDF’s skills and capabilities in locating missing persons, required at this time also with regard to civilians as well as given the military context of the abduction. In the end, we waived the requirement for a court order.
The second authority we provided for was to demand information and documents provided to the police on a very broad basis – but strictly for the purpose of identifying the deceased and locating missing persons.
Perhaps the most worrisome aspect from the public perspective was the government’s decision to go back to saving fingerprints in a database and keep the prints that still exist in it, which is a return to the situation before 2017, when it was decided to delete the database. As also stated in the Knesset, what is at stake here is a future need to be able to learn lessons and change the arrangements determined in 2017. There are also general thoughts about the appropriateness of that decision, regardless of the purpose of identifying bodies and missing persons, given technological aspects not met by facial photos. At the moment, the temporary order is to prevent fingerprints from being deleted from the database for one year, with the option to extend it for an additional year, but only for the restricted purposes provided for in the legislation.
To minimize the violation of privacy, protective mechanisms have been integrated. The organizations do not have access to the database. Oversight mechanisms are also in place, with procedures requiring the agencies receiving the information to protect it and use it only for the purpose provided for in the law. There are instructions to erase unnecessary information. The agencies are also aware that this is sensitive information, and that the biometric database is to be used only in the lack of any alternatives.
Dilemmas of Government Public Relations and the Public’s Right to Know
Adv. Elad Man Chief Legal Counsel to Hatzlaha – Promoting a Fair Society, media and communication regulation scholar, former member of the Press Council Presidency.
Our starting point is the fact that we have a large amount of documentary materials, many in audio, that powerfully visualizes the events of October 7th. These materials have an aspect of violating privacy. Therefore, we need to examine the purpose of these materials and whether that purpose prevails over the right to privacy.
Some of the materials are related to people who are no longer alive, and others to people who cannot express their will (hostages) — so consent is irrelevant. These situations become even more traumatic because of what is documented. Some of the subjects are minors, and some footage reveals traumatic and graphic events to which one would not necessarily consent to broadcast.
Beyond promoting the Israeli cause, these materials must be presented as evidence in international legal and quasi-legal forums to convince them of the need to act. Some of the videos are used for propaganda campaigns—both explicit and implicit—directed also at Israeli citizens. Such usage may be considered more problematic, particularly if it is implicit and if, given its very nature, official agencies would not want anyone to know that it was used either fully or partially for their purposes.
Beyond these official uses, we also need to ask journalistic questions, such as whether it is professionally and ethically justified to violate values protected by legislation that protects privacy, for example, or legislation concerning the protection of minors or crime victims, which forbids the publication of certain materials in specific cases. Is it right to make an exception? Is it legally permissible to shift the balance we have known until now?
In the treatment of these materials by the media and government bodies, we see a range of solutions and steps taken, not only out of privacy considerations. Sometimes, they are guided by other factors, such as fear of affecting morale or fear of public response, despite the material’s propaganda value. For example, it was decided not to broadcast hostage videos disseminated by Hamas, as well as other videos by Hamas, although they are accessible on foreign channels and social media. The solution was to report on the video without broadcasting it.
The idea is to align the policy with the families’ interests. But in some cases, the family wanted to air the video, and the media thought this was ethically wrong. Another solution was to play a video edited by the IDF to a limited audience of foreign journalists and diplomats. Later on, it was also shown to members of the Knesset and senior officials abroad, Hollywood influencers, etc. The spectrum of viewers broadened, but the raw materials were still not broadcast to the public, and no authorization was given to take snapshots from the video. This is also a situation unique to the extreme circumstances we have found ourselves in.
As opposed to privacy violation, there is a need that goes beyond public relations – the paramount need to initiate moves to save the lives of Israeli hostages Here, matters are highly situation-dependent, and we can think of all kinds of dilemmas. For example, had there been documentation of Israelis shooting hostages? This is a complex question not only in terms of privacy. There is also a public interest in revealing what happened there, but this is highly sensitive at the moment.
There is also a blind spot that must be raised, as awkward as it may be to do so, which is protecting the privacy of the other side. We have seen photos of the mass arrests of those described as civilian Hamas activists or terrorists, but eventually, most of them have been released. The IDF itself has learned lessons from these events.
We must understand that there is no single solution for all cases. There are various solutions, and I’m not certain whether, should one of these cases find its way to court, the boundaries could be clearly drawn. There are various perimeters of reasonable conduct. This only illustrates the complexity of these times and the tension between privacy and other purposes and benefits.
Link to the video.
