Marari report: "Police exceeded its authority. Failings in the use of tapping systems"
The Marari report, which investigated the use of spyware by police, including NSO’s Pegasus, found that information was extracted from mobile devices in violation of the law, as well as serious failures in supervision and control procedures by police
Over half a year after the publication of Calcalist’s investigations into the police's use of spyware and offensive cyber tools developed by NSO and other companies against citizens, an inspection team headed by Deputy Attorney General Amit Marari, published on Sunday its final report, verifying the core findings revealed by Calcalist.
However, the report found that in all the technological systems used for tapping communications between computers in the hands of the police that were examined, there was no indication that police operated to tap mobile phones without a judicial warrant. Also, no indication was found that it used NSO's Pegasus without a judicial warrant to penetrate the phones of the names published in Calcalist.
Among others, the report states: "The team found that the system, in the hands of the police, makes it possible to receive certain types of data that the police do not have the authority to receive according to the wiretapping law. For example, it is possible to receive information that is on the target device and was created before the start of the tapping and even before the date on the court order. In addition, the system can receive information that does not constitute communication between computers such as log details, app lists, contact details and notes saved on the device.
"The team believes that the significance of introducing the use of a system with wide-ranging technological capabilities, which is a turning point in terms of the world of wiretapping, was not fully understood by the decision makers in Israel Police.
"Over the years, the full significance was not attributed to the scope of the potential capabilities of the system and to the fact that prohibited materials entered police computers from mobile phones, and to the accessibility of the materials received in the systems. This, even if the police had no intention of actually making use of the excess information received, and even though it anchored the regulations disallowing the use of excess information as mentioned. In the opinion of the team, it was not enough to regulate the procedures, and it was necessary to carry out a technological degeneration of the excess capabilities.
"According to the guidance of the state attorney, the attorney's office examines criminal cases in which the system was used regarding pending cases, including cases in which an indictment was filed and an appeal was made by the defense, in order to examine whether the data was transferred to the investigating unit."
There was no orderly procedure
"During all the years of the system's operation, there was no orderly procedure for the police that included the sharing of all the information necessary to make decisions regarding the legal operation of the system, between the legal counsel of the Israeli Police system and the technological elements.
"Given the lack of orderly procedure regarding the significance of the system's capabilities, as well as difficulties in sharing information, the team found that close legal support is required from the legal counsel for the police during the procurement of the systems, prior to the implementation of new systems and during their operation. It must be ensured that all legally required limitations are met before activation.”
The Attorney General was in the dark
"Over the years, the Ministry of Justice knew that there was a wiretapping system in place called "Saifen", which carries out wiretapping by penetrating an end device, but it was not known that the system's technological capabilities exceed the authority of the police according to the wiretapping law. These extraordinary abilities were not brought to the attention of the Ministry of Justice, and therefore there was no principled discussion on the subject.
"The police must receive approval from the Attorney General for technological capabilities that they wish to acquire or develop for the purpose of collecting or processing information, and that have the potential to exceed the authority established by law. This, before purchasing or developing them, and certainly before activating them."
Lack of professional supervision and control mechanisms
"There is importance in operating two monitoring mechanisms for wiretapping systems. The first is a process monitoring mechanism, according to which the police will periodically and systematically examine whether the operation of the wiretapping device and the use of the products are in accordance with the provisions of the law, the court order and the procedures. The second is a technological monitoring mechanism, according to which every wiretapping system will include a database that cannot be altered, from which information can be extracted for control and monitoring, in relation to each of the stages of the tapping process."
Failures in the police legal counsel
"The team believes that some of the failings are the result of the lack of direct subordination of the legal advisors in the various divisions of the police to the police legal counsel. The team believes that direct subordination is required in order to establish independent legal advice that has a broad vision in relation to everything that is done in the Police system. The team recommends that this issue be examined on its various levels as soon as possible."
Lack of technological knowledge in the Ministry of Justice
"There is a need to deepen the technological legal knowledge of the supervision and control elements in the Ministry of Justice."
The absence of legislation
"The existing law grants authority to operate the technological system for wiretapping communications between computers, in accordance with the position of the Attorney General, according to the findings and opinions described in the report. At the same time, it is necessary that issues of surveillance in the digital age will be regulated by legislation, including clearly regulating the limits of authority, and this with attention to the unique characteristics of the violation of privacy in these cases."
Violation of judicial orders
The Marari team reiterated the findings of the interim report and wrote that: "From the team's inspection of all the numbers that exist in the internal database of the 'Saifen' system, it was found that there is no indication of the truth of the claims according to which phones were taped without a warrant. At the same time, a few cases were found in which the judicial order issued did not correspond to the wiretapping operation carried out by the Police in relation to that party. However, in these cases the attempt was unsuccessful, and no products were received anyway.
"It should be emphasized that this test was based on data that the NSO company extracted from the core of the “Saifen” system, and which, as stated by the company, cannot be changed or deleted, and constitutes complete data of every tap carried out through the system throughout all the years of its activity in the police force."
In the team's conclusions, it was determined that: "The review team believes that it is possible to allow the Police to operate the system that allows surveillance of communications between computers, subject to the neutralization of its excess technological capabilities. The review team recommends that the police be allowed to return and make use of the aforementioned systems, but only if a number of mechanisms are installed that will ensured that the use is consistent with the limits of the authority given to it, including, among others:
1. All the necessary technological blocks will be implemented in all the systems in the hands of the Israeli Police force, in order to ensure that they only carry out wiretapping as permitted by law.
2. The use of the systems will be done with special caution and subject to the existence of clear procedures that will be approved by the Police legal counsel and the Attorney General, with an effective option for supervising actions based on reports that will be produced from the database, which cannot be changed or deleted.
3. As part of the formulation of these procedures, the imposition of special limitations or conditions for submitting applications for wiretapping regarding certain capabilities should be examined.