Netanyahu trials: What do Israel's phone hacks mean for Case 3000? - analysis

Defense lawyers are increasingly livid about the number of times law enforcement went beyond a given court order in the Submarine Case.

Prime Minister Benjamin Netanyahu climbs out after a visit inside the Rahav, the fifth submarine in the fleet, after it arrived in Haifa's port (photo credit: BAZ RATNER/REUTERS)

The state prosecution last week revealed to the defense in Case 3000 – the “Submarine Affair” – that it had hacked three cell phones and collected data even beyond what had been authorized by court orders.

The prosecution sought to assure the defense that 1) the collection happened unintentionally, as part of a defect in the technology, and 2) none of the data that went beyond the court orders was used in the indictments.

However, defense lawyers are increasingly livid about the number of times law enforcement went beyond a given court order, regardless of the explanation afterward.

In addition, is law enforcement committed to solving the issue in the future? Or does it intend to continue operating this way permanently, scooping up a mix of authorized and unauthorized data and then sorting out afterward what can be transferred to investigators for cases?

No change in Israel Police protocol planned, investigator says

According to former police Lahav 433 investigator Rami Tamam, there is currently no plan to make a change because the technology itself does not have the capability in some instances to distinguish between authorized and unauthorized data.

For example, a judge may approve a warrant for police to listen in on, copy and print out a transcript of cell phone conversations and texts between two co-conspirators in a criminal plot, while not allowing them to listen in on conversations with the defendant’s wife or doctor.

 BENJAMIN NETANYAHU seen at Jerusalem District Court during his trial. (credit: RONEN ZVULUN / REUTERS)

If the criminal speaks to other criminals only in regular phone conversations, the technology may be able to distinguish, explained Tamam, who currently serves as co-leader of the Cyber Security and Forensics Program.

In contrast, WhatsApp calls and texts are all viewed by the technology as undifferentiated “data.”

Since many criminals use WhatsApp to try to encrypt their communications, much of their incriminating communications will be mixed in as “data” with material that is not relevant to the case.

UNLIKE MANY defense lawyers, Tamam is actually not suspicious that the police are running some kind of conspiracy.

Rather, his concerns about how the police operate in this realm and his suggestions for reforms are more nuanced.

In theory, the police solve this issue by separating the intelligence collection team – the cyber team – from the investigations team.

The cyber team activates the surveillance technology, which sucks up all of the data. The team then vets the data to remove anything that is not included within the court order before sending the rest of it to the investigators.

What if the technology is used too broadly?

However, what if the technology is used too broadly? A better practice would be to have one group of intelligence agents collect the data and a separate group vet it.

This would keep those doing the vetting objective about whether the collection was carried out beyond the approved guidelines.

In contrast, if the collection and vetting are done by the same people, they will not have an interest in correcting or penalizing those who did the collection too broadly.

Tamam clarified that this was not the only problem.

ANOTHER ISSUE he flagged is that frequently, multiple leads or pre-investigations might be carried out against an individual or group.

What happens, asked Tamam, when some of the data in one probe is not within the court order, but the cyber police collection officer thinks that it might be relevant to another pre-investigation once it has developed into a full criminal probe later?

Are the cyber police officials just going to erase the data when they think they or other investigators may need it later?

If they don’t erase it, Tamam asked, how is it stored and what oversight is there while the data waits in limbo?

In addition, even if there is a formal “wall” between the cyber and investigation officials by placing them in separate departments, Tamam said that sometimes they meet up in the lunch room or in other informal settings.

What is to stop a cyber official from informally tipping off an investigations official about how to locate additional evidence or to seek additional search warrants based on data which neither of them should have ever been privy to? Notice that in this case, the cyber official may not even tell the investigations official about exactly what he has seen; it is just that the data he has seen may be used for extra-legal advantages.

Finally, Tamam said that the wall between the various departments is permeable due to promotions and transfers.

There is no rule preventing someone who served in the cyber department from later working in the investigations department. In fact, such transfers happen quite often.

Suddenly, an investigations official may have stored permanently in his mind information from data he would not have been allowed to see based on his current investigation status, but that he knows nonetheless because of a prior rotation through the cyber division.

Though not formally breaking any rules, this is also giving the official an extra-legal way to circumvent them and abuse his knowledge of data he should have never seen.

To cure all of these issues, Tamam recommended that the police hire an outside vetting group.

The group could include former officials from the IDF, Shin Bet (Israel Security Agency) and other security branches. The point would be that this group would be truly separate from police investigations and would not be able to help investigations officials “cheat” the limits set by court orders.