Police should end the use of spyware until the technology's use in law enforcement has been regulated by law, the Public Defender's Office said in a letter publicized on Wednesday to the deputy attorney general for criminal affairs.
"We ask you to order the cessation of the use of spyware tools for criminal investigations," read the letter, dated March 20.
The release of the letter came following a 2021 report and Knesset committee hearings on the NSO scandal, in which police were alleged to have made extensive use of malware beyond the mandate of law and warrants for years.
The Public Defender's Office argued that the use of spyware by police was not addressed in any legislation, and wasn't covered in the Wiretapping Law.
The original 1979 law had been written to regulate the use of physical listening devices, including covert police utility. These devices captured audio of conversations in the moment. The Public Defender argued that this is fundamentally different from computer spyware, which stored a history of information and altered the properties of the devices.
Government legal advisors had relied on auxiliary powers in a provision of the Wiretapping Law, which allowed the entering the premises of a place to install and extract eavesdropping tools. It was reasoned that the device acted as a place of installation.
The Public Defender said in the letter that this was based on a ruling that allowed for the closure of online gambling sites, in which they were treated as a place. The office argued that this was a completely different context for such a critical issue and that a computer is an object, not a place.
The investigative report said that the tools could be used in a limited capacity for recording calls, but the Public Defender contended that this was still a violation of the law because of the difference in functionality.
With there being a lacuna in the law on the use of spyware, explained the defender, its use by police should be stopped and the software's role be addressed in legislation -- permitting, regulating or prohibiting.
The Public Defender's Office identified two separate legal questions that had to be addressed in law. Firstly, the installation of software without consent. Secondly, the covert collection of information from a computer.
"Being discussed are powers that demand deep thought and decision by legislators on moral, social and legal matters -- and authority shouldn't be given to old legislation with laws that were enacted without anticipating the technological developments," said the Public Defender's Office.
At the very least, the office argued that a series of rules and restrictions to mitigate the harm to individual rights and privacy should be implemented.
On Monday, in a hearing on the report, the Knesset Constitution, Law and Justice Committee discussed how between 2015-2021 over a thousand phones had been infected with spyware, which allowed the illegal harvesting of notes, contacts, applications and of past correspondence. The report also revealed that the software was used in some cases beyond the expiry date of warrants.
The Public Defender said that the report showed that the use of spyware was more extensive than initially thought, but more than this, that the investigation should not be perceived as an exhaustive revelation of violations of privacy and individual rights.
The investigations into police spyware examined the databases of NSO and other companies, as well as those by the police. The companies claimed that it had provided all the relevant data -- but the company is not transparent to the public and it's not known if all the data was actually there, and if it was, wasn't altered.
The investigation team reviewed 25 cases from over a thousand over the course of six years. The Public Defender expressed doubt that all the violations could be represented by such a small sample size.
A separate request to the Attorney-General's Office was sent by the Public Defender's Office, asking to inform all those who the spyware was used of the violations.