Cyber Experts: COVID-19 Patient Tracking in Israel Should Be Transferred from Israeli Security Agency to New, Dedicated and Independent Agency
This post is also available in: 
עברית (Hebrew)
Regarding information leaks from the database: It’s a question of “when” rather than “if”.
The cellular tracking technology – Obsolete
In a special panel regarding the Israeli Security Agency law and information gathering technologies in the COVID-19 age, held by iHLS during the launch event of InnoTech Expo Tel Aviv – the innovation, cyber and HLS conference and exhibition that will be held in November, cyber experts criticized the Israeli Security Agency’s activities to locate coronavirus patients and called for the government to establish a dedicated agency to gather the information.
The panel was moderated by Brig. Gen. (res.) Sharon Nir, former commander of IDF National School of Communication & Cyber Defense, who focused on the dilemma between the “right to privacy” and the need to “save lives” through the tracking of the coronavirus contamination and prevention of the pandemic’s spread. Some of Israel’s leading experts on HLS and cyber innovation – members of InnoTech’s steering committees – attended the launch event.
Avi Yariv, an expert on cyber, intelligence and HLS and the expo’s Chairman, said: “The gathering of this data creates a large, live database that any intelligence agency, crime organization, or private investigator would have liked very much to possess – about the whereabouts of any person, what he is doing and who he is meeting with.”
According to Yariv, this information is highly valuable and even dangerous, not only in the coronavirus realm, and this is the greatest concern. “Even if everything is in order, we have created a database of how all the citizens in the State of Israel move around. In case of a hacker intrusion – we have created a strategic-level vulnerability of the State of Israel.”
Guy Mizrahi, VP Cyber, RayZone Group and one of Israel’s leading cyber experts, asserted: “I do not count on the System. The State of Israel has already proven that it could not keep our information safe. The Agron database which includes all the information the Interior Ministry knows about us has leaked and been distributed for already 15 times in the past. There are some who are holding the whole database of Israel regarding each and every person – this is a scandal.”
Mizrahi: “It is not even hacking. The state is sharing the information with every party that is being established. Time and again, the state proves that it does not know how to keep our information. It is distributed for free.”
According to Mizrahi, even if the database requires authorizations, “who could ensure that a certain employee with authorization would not track citizens on a constant basis, for money or just out of curiosity.”
Mizrahi added that in the current state-of-affairs, we consciously share all our information with Facebook, Google and Apple, as well as with our cellular companies. The difference is that commercial companies have something to lose from the inappropriate use of our information.
Mizrahi: “What would the State lose if it compromises my privacy? What would happen if a soldier had tracked her boyfriend or vice versa? Nobody would pay the price, and especially – whoever let this happen would not pay the price.”
Mizrahi, with experience in offensive cyber, added, “I’m not a great believer in the possibility to secure the information in the required quality. Even if it’s possible – nobody cares. Not enough is being done.”
Mizrahi added that the technology employed by the Israeli Security Agency is obsolete, capable of locating people in a range of several hundred meters: “A person sitting in an office three floors distant will receive a text message claiming that he has been in the proximity of an authenticated patient. This is the level of the system’s resolution, which has already sent tens of thousands of people to unnecessary home quarantine.”
Mizrahi reflected on the public atmosphere that enables the state to compromise privacy this way: “The government is using war rhetoric. In war, we are willing to renounce many things, including our right to privacy. An amazing change in consciousness has been done here in order to make us indifferent to the fact that we have lost our privacy, our freedom, and many other things along the way.”
Chief Superintendent (ret.) Adv. Itzik Shopen, formerly Head of the Computer Resources Dept. in Israel Police clarified that the State of Israel started the Security Agency tracking because it wanted to prevent a national disaster, but Israel is the only state in the western world that has operated units dedicated for counter-terror and crime operations for the purpose of coronavirus tracking.
Adv. Shopen: “Even in routine, the intelligence and investigative agencies are capable of receiving data without a judge order. This happens every day. The law’s conditionings are harm to human life and the prevention of a crime – without a judge order. The coronavirus has been included in this package. The question that we should raise is: How do you minimize the damage emanating from the activation of these tools.”
Adv. Shopen recommends the adaptation of a model similar to the one of the Israel Money Laundering and Terror Financing Prohibition Authority – an independent authority that is not obliged to any organization or enforcement and is dedicated to one goal – locating coronavirus patients. Shopen contends that this will prevent a situation in which agencies such as the police or the Security agency would be able to use the information for other purposes (as important and good as they may be) without receiving permission.
Shopen recalls an incident when an ultra-orthodox outsourced worker with authorizations had checked a governmental database for the genealogy of some other person in the ultra-orthodox sector. “The affinity to the community and belief was stronger than his professional ethics. Unfortunately, such things happen.”
The three panelists agreed that in an age where the speeding train can not be stopped, a strong regulatory agency should be established, in order to formulate the rules regarding right and wrong, an external organization that would have no interest in doing anything else with the information. As they asserted, such force should not be in the hands of law enforcement and counter-terror agencies.
Attend i-HLS’ InnoTech Expo in Tel Aviv – Israel’s largest innovation, HLS, and cyber technologies expo – on November 18-19, 2020 at Expo Tel Aviv, Pavilion 2.
