Justice Minister Gideon Sa’ar weighed in on the new NSO-police controversy, saying that it was good that the state comptroller and law enforcement look into the issue more deeply.
“There is an unbridgeable gap between the claims in the Calcalist article and the official statements of the police,” Sa’ar said on Wednesday. “It is good that the state comptroller, as an independent authority, took it upon himself to probe it, and according to what I have been told, the attorney-general will also probe this. Within his office, no one knows of a case where an action was taken without court approval.”
State Comptroller Matanyahu Englman and the Privacy Authority both announced on Tuesday night that they will probe the police regarding a Tuesday morning report by Calcalist accusing law enforcement of using NSO Group’s Pegasus hacking technology against Israeli citizens.
The charges, if true, were particularly inflammatory because the report said that the police had acted without required court approvals, sometimes sufficing with approvals from the Attorney-General’s Office and sometimes only getting them from their own officials.
Knesset Constitution, Law and Justice Committee Chairman MK Gilad Kariv (Labor) said that he would hold joint hearings on the issue along with Knesset Internal Security Committee Chairwoman MK Merav Ben-Ari (Yesh Atid).
“We need to ensure that we have the matching legislation for the current technological era,” said Kariv, alluding to comments by a number of experts that the Knesset must pass new legislation to circumscribe the police use of hacking for its probes.
“The police, who are responsible for the security of Israeli citizens, cannot harm their security and democratic rights,” Ben Ari said on Tuesday. “I usually support the police, but there are instances that warrant criticism. I won’t let such incidents happen under my watch.”
Also on Wednesday, the Public Defender’s Office and Tehilla Shwartz Altshuler of the Israel Democracy Institute pushed for reforms to the country’s laws protecting privacy to strengthen them against further potential rogue behavior by law enforcement.
Police Commissioner Kobi Shabtai personally addressed the allegations on Tuesday afternoon, denying that the police have used NSO or similar hacking technologies against the cell phones of mayors suspected of corruption, or activists protesting against the gay pride parade, or against Benjamin Netanyahu.
“There was no use of these tools against ‘Black Flag” protesters, council leaders or people who opposed the Gay Pride parade,” Shabtai said. “Everything is done with the necessary legal authorization.”
Without explicitly confirming or denying the use of NSO’s Pegasus, Shabtai said that anytime the police might use advanced technologies (such as for hacking cellphones), it has had proper legal approval.
Channel 12 reported that the police had used the technology of the company Cellebrite to hack a Black Flag protester’s cellphone.
The astounding report, if true, blew gaping holes through a number of NSO, police, and potentially state prosecution narratives about the proper balance between collecting evidence and between respecting citizens’ privacy rights, and court protections from unlawful searches and seizures.
The entire system of searches and seizures for police wiretapping and other such invasive measures is supposed to be based on a carefully calibrated apparatus of court approvals.
ACCORDING TO the report, the police have been using cellphone hacking technology since 2013 as a loophole because the specific technology was not discussed by prior laws, which themselves were written before it existed.
Despite that historical discrepancy, it has been clear from court decisions and prior precedent that the alleged police use of Pegasus against suspects in regular criminal murder, corruption and other cases, if true, would be a blatant violation of legal limits if they were carried out without a court order.
The report suggested that the police have gotten away with this conduct by “packaging” evidence they collected from hacking cellphones illegally as “intelligence,” but without revealing the source.
Allegedly, some officials in the state prosecution and Attorney-General’s Office were in on the secret as they gave some of the approvals, which would require that they explain how they could sidestep the courts.
Under Israeli law, the Shin Bet (Israel Security Agency) has the power to carry out such cellphone hacking without a court order to prevent impending terrorist attacks from either Palestinians, Israeli-Arabs or Israeli-Jews, as long as various top officials from the agency or the Attorney-General’s Office sign off on it.But this same power, with no court order, does not exist for the police, and certainly not for non-terror-related cases.
Pegasus was already purchased by former police chief Yohanan Danino in 2013 and its use escalated under police chief Roni Alsheikh in 2015, the report says. Alsheikh came from the Shin Bet and brought new officials to the police with intelligence backgrounds who had a different cultural approach to collecting evidence than the traditional one of waiting for court approvals.
The report also said that under former justice minister Amir Ohana, the police were ordered to use cellphone hacking against anti-Netanyahu protesters.
NSO made a general denial of having violated any laws, but generally fell back on its standard statement that it cannot reveal who its clients are and is not responsible for their conduct.
“We wish to clarify that the company does not operate the system once sold to its governmental customers, and it is not involved in any way in the system’s operation,” the NSO Group spokesperson said in response to the report. “The company’s employees are not exposed to its customers’ targets, nor are they privy to the collected data, the ongoing operations or any other investigations by its customers. NSO sells its products under license and regulation to intelligence and law enforcement agencies to prevent terror and crime under court orders and the local laws of their countries.”
Sources did point out that some of the sales numbers and other concrete details in the article appeared to be wildly off and unrealistic, which could also put into question the credibility of other information there.
It was also noted that the article does not present any forensic proof for the allegations.However, NSO has said numerous times that it is impossible for its technology to be used against Israeli citizens.
The Jerusalem Post has learned that it is not possible for non-Israeli clients to use Pegasus against Israelis, but that it might be possible in theory for Israeli agencies to use Pegasus on Israelis (with the presumption that they would be doing so according to Israel’s laws).
The report comes as NSO has had the worst few months of its existence, getting slammed left and right by the US and French governments, media reports across the globe and human rights groups.
Recent reports indicated that the spyware provider may not survive the ongoing crisis financially.
Gil Hoffman and Jerusalem Post Staff contributed to this report.