+972 Magazine's Stories of the Week

Directly In Your Inbox

Analysis News
Visit our Hebrew site, "Local Call" , in partnership with Just Vision.

Is Israel's search through visitors' email accounts legal?

Recent searches into the email accounts of passengers arriving in Israel raises the question of how far the state can go in its airport security checks. It is one thing to search files located on a person’s computer , but quite another to go through a person’s cyberspace history. 

By Jonathan Klinger

News that the Israel Security Agency (Shin Bet) searches the email accounts of those who travel to Israel (first reported on by Mondoweiss) is quite disturbing. According to the report, several activists who crossed the border in to Israel were requested to open up their computers, connect to the internet and log in to their electronic mail account (stored on remote servers), type their passwords and let a security official perform some searches in their account.

Indeed, Israel is probably not the only country that requests people to open up their computers upon entry. Currently, the United States is discussing the authority and the need, as well as the question of whether you can be coerced into providing your password. This caused the Electronic Frontier Foundation to issue a complete handbook to those who cross the border with electronic devices. However, even in the most extreme case, the searches reported were not as severe as these.

In order to understand the differences, I want to give the state of Israel the benefit of the doubt. I want to assume that the Aviation Act (Security in Civil Flights) grants the state the authority to search a person’s body and property when he travels to Israel, and that the Supreme Court ruling in the Avraham Ben-Haim ruling – which prohibited the police from performing consensual searches without probable cause (RCA 10141/09 אברהם Ben-Haim v. Staet) – does not apply here (even though it most probably does).

Meaning, for the purpose of this article, and solely for it, I grant the state massive constitutional leeway, and still, my conclusion is that such a search cannot be legal for mere technicalities.

I want to distinguish, in theory, between two types of searches. The first is a search inside the computer. In this case, the person who crosses the border allows the state to look inside his computer, in the files stored on the hard drive, in the same way his suitcase is searched. Here, we can assume that he has no expectation for privacy over his possessions. He is familiar with the intrusiveness of airports, and that for the sake for security, and customs, every bag could be inspected. Therefore, There is no real difference between computer searches and suitcase searches.

The experienced passenger travels when his computer and cellphone are wiped clean. In such case, nothing is stored, and therefore even if his computer is searched, it is clean, and there is no invasion of his privacy.

The other case, which is the problematic case occurring here, is an active search. In this case, when crossing the border, the state requests not to search his property or body, but to see what is stored far away, in the cloud and outside his control. A person’s email account, which is not stored on his computer, does not exist in his computer and does not pass the border with him. Here, more than anything, the traveler has a reasonable expectation for privacy; in the same way he had when he left other possessions at home.

The question of authority arises. While the authority to inspect a person’s property is understandable, this case is more like the state approaching a person travelling to Israel and requesting his consent to go to his house and open up his safe.

Now, the second question, regarding forensics, arises. As we know, there is a detailed praxis on how to deal with computer evidence: first we copy everything, and only afterwards we search (for example, OR 1153/02 State v. Abergil). The reason is simple: the search itself “touches” the files, alters them, creates signatures and messes up the chain of evidence. Therefore, even searching email accounts should be made in the same way: first copy all the inbox, then sort it out.

All of this does not occur here: the chain of evidence is dubious when the user is logged in to the computer. In another case, such a “hot search” nearly led to the acquittal of a pedophile, only because the police did not first copy, but searched on the person’s computer (CC 6961-09-08 State v. Gurevitz).

Meaning, the Shin Bet’s search of passenger computers is problematic regarding the essence of the search itself, as it does not warrant a search of a person’s entire property, whether material or virtual. When a policeman stops a person in the street, he cannot force him to go to an ATM and ask for his PIN number to see his recent activities. In the same manner, this search seems to be lacking authority.

Jonathan J. Klinger is an Israeli cyberlaw attorney and is a legal advisor for +972 Magazine. This post was originally published in Hebrew

Before you go...

A lot of work goes into creating articles like the one you just read. And while we don’t do this for the money, even our model of non-profit, independent journalism has bills to pay.

+972 Magazine is owned by our bloggers and journalists, who are driven by passion and dedication to the causes we cover. But we still need to pay for editing, photography, translation, web design and servers, legal services, and more.

As an independent journalism outlet we aren’t beholden to any outside interests. In order to safeguard that independence voice, we are proud to count you, our readers, as our most important supporters. If each of our readers becomes a supporter of our work, +972 Magazine will remain a strong, independent, and sustainable force helping drive the discourse on Israel/Palestine in the right direction.

Support independent journalism in Israel/Palestine Donate to +972 Magazine today
View article: AAA
Share article
Print article
  • LEAVE A COMMENT

    * Required

    COMMENTS

    1. Rick

      “There is no real difference between computer searches and suitcase searches.”

      I disagree. A computer is more like an outsourced brain. You might carry highly personal data on it.

      For example one might store a diary, tax-declarations, personal medical details, even from other people (think about a doctor or a lawyer) etc all this data is protected in many countries when it comes to (analog) house searches or airport checks.

      So the data on a computer is not equivalent to shirts & travel guides.

      Reply to Comment
    2. I agree the analogy seems wrong. I’d go further. The point of a suitcase search is – officially, at least – to look for dangerous or illegal items hidden inside – knives, bombs, drugs etc. The equivalent on a computer is a search of the hardware – presumably to check that there is not a bomb or trigger concealed inside. A search of files and folders is something else entirely. It is a search for information, and information unrelated to the safety of the flight.

      In truth, Israel has long been doing this sort of thing. When I first started coming, before laptops were the norm, Ben Gurion security staff wanted to look through my notebooks and diaries. They hoped to get names and phone numbers.

      Trawling for information, not bombs, is what the Israeli security checks on non-Jews and leftwingers is mostly about.

      Reply to Comment
    3. Joel

      I believe that the young women were asked to enter their passwords into the airport security agent’s computer. A difference.

      Reply to Comment
    4. Piotr Berman

      I think that a country can do what they want with visitors at the border short of physically harming them.

      However, the question is what other countries should allow. Letting strangers to inspect private information is dangerous. People have secrets, secrets can be use for blackmail, blackmail can be used to recruit informers. Not necessarily the visitor: the e-mails and other files have info about other people too. What one country does, other countries can do, e.g. Americans visiting Iran may be subjected to the same treatment, once it is routinely done by Israel.

      My conclusion is that it is against interest of USA (and any other country) to let other countries invade private files of citizens. The treatment of citizens on the border is normally reciprocal, so it is rather simple for a government to insist about a decent treatment of citizens. Recall an outcry when Turkey subjected Israelis to same search procedures as Turks experienced in Israel, that was inhumane!

      Reply to Comment
    5. Lila

      I also disagree that a computer search is similar to a suitcase search. When police get a warrant to search your house, or when circumstances justify a warrantless search, they cannot search your computer without a specific warrant. The search powers in the Aviation Law exist in order to protect the safety of a flight, and searching a person’s hard drive is not relevant to this purpose. Also-The GSS Law allows the GSS to conduct “intelligence searches” at border crossings, but even this power does not apply to computers (the current Justice Ministry anti-terror bill seeks to change the GSS Law to explicitly allow computer searches, but as the law stands now, it does not). And the SC ruling on consent searches (which talks about free and informed consent) would clearly not allow obtaining “consent” on threat of deportation.

      But I definitely agree that even if the state *were* to argue that the above powers could apply to computers (and you said you were giving them broad constitutional leeway…) – it most definitely could not apply to gmail accounts.

      Reply to Comment
    6. caden

      Mondoweiss, come on, I know since Julius Streicher was hung you have to go with what you have but how about a source that is a little closer to neutral.

      Reply to Comment
    7. Mark Croydon

      This has been going on for a very long time; it is nothing new at all. Friends of mine who work for NGOs or development institutions have for years been routinely told to do this.

      E mail messages are completely different from books you put in your suitcase, precisely because they are a form of mail; they are personal and private communications. I am very aware that many countries do not treat e mail in the same way that they treat normal mail, under the extremely dubious reasoning that they are text messages copied onto a server and therefore should be accessible to anybody who has rights to look at the server. I don’t agree with this, and think e mail should be treated like the normal post – but in any case I don’t agree that they are the same type of things as books or papers you might carry in your suitcase.

      Reply to Comment
    8. Piotr Berman

      It is a larger invasion of privacy than intercepting mail, because (a) there is an archive, (b) passwords opens other archives of documents like Google Documents, and shared documents (c) passwords opens other accounts, like in this case, Facebook, but there can be much more.

      And what if they want the e-mail password for the job-related server? This is outright forbidden security breach.

      As I said, it is stupid for US government (and other governments) to allow for that. Simply reciprocal application of the procedures would suffice.

      Reply to Comment
    9. sh

      I agree that a computer search is not like opening and rummaging through your suitcase. They say they are concerned about bombs or guns when they question you before you board a plane to Israel. Whether you’re cheating on your partner or in the throes of a bankruptcy are not likely to endanger Israel. If you need a police warrant to search a home, the same should apply to a computer. But I’m not a lawyer.
      .
      I was wondering whether the fact that Mohamed Merah turned out to have breezed into and out of Israel without hindrance a couple of years before he went on the rampage in Toulouse didn’t make someone in the security establishment feel the need to overcompensate. http://www.jpost.com/Defense/Article.aspx?id=263485

      Reply to Comment
    10. Piotr Berman

      I do not think that invading e-mail accounts of travelers is motivated by terrorist cases. It could allow to discover extremely stupid terrorists. Currently the main hysteria in Israel is “delegitimization”, basically all forms of solidarity with Palestinians. For example, some travelers were admitted only after signing a declaration that they will not contact any pro-Palestinian organizations.

      Politicians and patriotic citizens are enraged that unfriendly individuals that attempt, say, bicycle trips in West Bank, are admitted to Israel. Note that so far, “pro-Palestinian organizations” are legal in Israel, but some members of the Knesset proposed to send them to detention camps. Even though these were not formal legislative proposals, this reflects the general trend toward intolerance. It starts with Prime Minister declaring that “delegitimization” is the gravest threat against the state, and NYT and Ha’aretz belong to most dangerous enemies.

      Reply to Comment
    11. the other joe

      It seems to me to be rather self-defeating. If I was told/forced to do this, I would supply an email account which I rarely use. Indeed, one would think that activists entering Israel would right now be creating dummy accounts for this purpose..

      Reply to Comment
    12. Giorgio

      if one is about to cross that line that defines my legally protected territory, he must be ready to be checked 360. email included.

      Reply to Comment
    13. Corneliu Z Codreanu

      This is an important article describing despotism. However, there is a failsafe mechanism how to avoid this invasion of privacy. Dont travel there. I wont visit as a matter of principle

      Reply to Comment
    14. Woody

      @Jonathan

      What about this approach?

      If a person has stored (1) on his physical computer or (2) in the cloud, confidential correspondence that is protected under a recognized privilege (attorney-client, doctor-patient), then to grant consent to a search of this material destroys the privilege, as it would then be revealed to a third party.

      Even if the information is unencrypted, if it is stored on someone’s proprietary device or private email, then they have a reasonable expectation that it is not public. Therefore, individuals who have confidential communications which are protected by privilege CANNOT consent to a search without destroying the privilege. It doesn’t seem reasonable to expect one to destroy such a privilege when crossing a border.

      I’m not familiar with the interaction of selective searches and professional privileges. It would seem to me, though, that unless the search was a procedure everyone could expect to encounter when entering the country, then crossing the border does not imply/require disclosure to a third party of privileged communications.

      It seems to me that a deportation appealed on the basis of refusal to consent to this sort of search, under these circumstances, would have to be overturned, so long as the privilege was recognized by the court.

      Once a case like that drops, they’ve lost all ability to do any of these shenanigans.

      Reply to Comment