The original version of this blog post, written in Hebrew, can be found here.
Israel is buzzing these past few days with news of a breach of the entire country’s voter database, which was accessible to anyone through an app developed for the Likud Party by a company called “Elector.”
Before every election in Israel, national or local, the “voter book” is delivered to hundreds of parties, factions, and candidates by the Ministry of Interior, so that they can make contact with voters during their campaigns. The voter book – of course, it’s a digital file – includes names, addresses, identity numbers, father or mother’s name, and voting area. The distribution is sanctioned by the national electoral law and is intended to support the democratic process. It makes it possible for new parties and small ones that have not accumulated large databases of supporters to compete with the big and old parties. This way, new parties are granted a fast pass to the starting line for each campaign. It also allows the candidates to actively rally people to vote and help the elderly and disabled travel to the polls to cast their votes.
However, this high-minded idea has long been undermined by a well-known, systemic, and persistent problem: the information provided by the Ministry of Interior is an unprotected plain file, its use is practically unrestricted, and the users who access the information are not monitored. That means any of the recipients can forward the information not only to field activists or polling services, but also to app developers and data brokers. That is exactly how the information reached Elector, which provided services to the Likud, Shas, and Yisrael Beiteinu parties.
The most sensitive information in the register is the identification number, “anchor” data that allows a person in Israel to be identified precisely, similar to a Social Security number in the U.S. The release of identification numbers is even more disturbing when they are paired with names and addresses from the voter file. The information is exposed and widely circulated in each election campaign (again, the vulnerabilities in this system have been known for a long time) and has been used by data brokers, private investigators, and polling companies. Data from the voter file has also been fused with other data collected online and with public census tables released by law, allowing data scientists to infer demographics and political views.
Data thieves with access to the database hold a rich dossier on each voter. That increases the risk of identity theft, targeting of populations for aggressive and fraudulent online marketing, or even improper influence on political campaigns.
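To make the “anchor” point concrete, here is an added example that is not part of the original post and uses no real data: every record, identity number, email address and census figure below is constructed. It shows why a name is a weak join key (two voters share one), why the identity number links a voter-file record to an unrelated dataset exactly, and how a public per-area aggregate table then attaches a demographic profile to each linked person.

```python
"""Added example (not from the original post): the voter-file ID number as an
"anchor" that joins otherwise separate datasets into a per-voter dossier.
Every record, ID number and census figure here is constructed for illustration."""

# Constructed voter-file-style records carrying the fields the post lists.
VOTER_FILE = [
    {"id": "100000001", "name": "Dana Levi", "address": "3 Herzl St, Haifa",
     "parent": "Moshe", "area": "HF-12"},
    {"id": "100000002", "name": "Dana Levi", "address": "8 Allenby St, Tel Aviv",
     "parent": "Rina", "area": "TA-04"},
    {"id": "100000003", "name": "Yosef Mizrahi", "address": "5 Weizmann St, Beersheba",
     "parent": "Avi", "area": "BS-01"},
]

# Constructed second dataset that also carries ID numbers (think: a leaked
# customer list). One ID is absent from the voter file on purpose.
OTHER_DATASET = [
    {"id": "100000002", "email": "dana@example.org", "purchases": ["stroller"]},
    {"id": "100000003", "email": "yosef@example.org", "purchases": ["walking cane"]},
    {"id": "100000009", "email": "nobody@example.org", "purchases": []},
]

# Constructed public aggregate table keyed by voting area (census-style shares).
CENSUS_BY_AREA = {
    "HF-12": {"median_age": 38, "share_ultra_orthodox": 0.05},
    "TA-04": {"median_age": 33, "share_ultra_orthodox": 0.01},
    "BS-01": {"median_age": 45, "share_ultra_orthodox": 0.20},
}


def link_by_name(voter_file, name):
    """A name is a weak key: return every voter-file record that matches it.
    More than one hit means the match is ambiguous."""
    return [v for v in voter_file if v["name"] == name]


def build_dossiers(voter_file, other, census):
    """Join the voter file to the second dataset on the ID number (an exact,
    unambiguous key), then attach the area-level aggregate for the voter's
    voting area. Returns {id: dossier}."""
    other_by_id = {r["id"]: r for r in other}
    dossiers = {}
    for v in voter_file:
        d = dict(v)
        extra = other_by_id.get(v["id"])
        d["linked"] = extra is not None
        if extra is not None:
            d.update({k: val for k, val in extra.items() if k != "id"})
        d["area_profile"] = census.get(v["area"], {})
        dossiers[v["id"]] = d
    return dossiers


def linkage_rate(dossiers):
    """Share of voter-file records that the second dataset matched."""
    if not dossiers:
        return 0.0
    return sum(d["linked"] for d in dossiers.values()) / len(dossiers)


if __name__ == "__main__":
    hits = link_by_name(VOTER_FILE, "Dana Levi")
    print(f"{len(hits)} voters share the name 'Dana Levi': name alone is ambiguous")
    dossiers = build_dossiers(VOTER_FILE, OTHER_DATASET, CENSUS_BY_AREA)
    print(f"{linkage_rate(dossiers):.0%} of voters linked by ID number")
    for rec in dossiers.values():
        print(rec)
```

The design lesson is the inverse of the join: a party only needs to reach voters, so a system that never hands out the raw identity number (keeping it inside the monitored system the post calls for) removes the key that makes this linkage exact.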
The law states that after an election campaign, the voter file must be returned to the Ministry of Interior, and should not be used for other purposes besides contacting voters during an election period. The parties even sign an affidavit with their commitment. Unfortunately, that piece of paper is no match for the pressures toward sharing the data further and using it for more purposes. After all, the effort required to replicate, transmit, and share information is virtually nil and the value of the information for a variety of legal and illegal uses is great. Tragically, exposing the information endangers each and every citizen of the State of Israel.
And what about small and new parties that fall apart after the elections? The information they have can “hang around” on any laptop sold or taken after the campaign. After all, it’s hard to hold anyone accountable for the data protection failures of a defunct political party.
The Government of Israel was supposed to create a secure communication system years ago to provide controlled access to voter data for the limited purpose of contacting voters during an election. Repeated inspections by the Privacy Protection Authority starting in 2009 recommended that the system be strengthened. The flaws were made known to senior government officials and to the public.
A responsible solution to this persistent failure would include an immediate and vigorous risk assessment and implementation of Privacy by Design tools. Israel should implement a centralized or distributed IT system that is secure, encrypted, monitored, and logs users’ activities. Its use should be limited according to a sound policy that takes into account the parties’ needs during campaigns and our wish to support the democratic process while eliminating the unintended consequences of weak data protections. The government needs to legislate this new system into the 1969 Elections Law and prioritize funding for the project.
In the age of hacks and data breaches, continuing to hand over the voter file to dozens of parties without protection and control over its uses is a massive systemic failure. The next crisis is coming. Data lists and files are still stored on networks, computers, and phones of campaign staff and vendors. Instead of waiting for the next headline, the government must act now.
For more information regarding this data breach, including a systematic overview of all the privacy vulnerabilities, please read Uri Berkowitz’s article on Globes.co.il, which can be found here.