20 Israelis sue Likud over app breach that led to massive data leak

A group of 20 Israelis filed a NIS 1 million ($286,370) lawsuit on Sunday against Prime Minister Benjamin Netanyahu’s Likud party and the developers of an app it used to register voters ahead of the parliamentary election, after massive data breaches leaked the personal information of millions of citizens.

The plaintiffs argue in their suit that the use of their information by Likud and by the Elector company, whose application the party purchased, violated their privacy.

“The lawsuit is intended to show that those who do not safeguard the privacy [of others] will consequently feel it in their wallets,” said the attorney representing the plaintiffs, Jonathan Klinger, in a statement.”Additionally it reminds other players in society that if they also violate citizens’ privacy there will be someone to come and sue them.”

Get The Times of Israel's Daily Edition by email and never miss our top stories


Free Sign Up

The plaintiffs argued that while the ramifications of the consecutive data breaches won’t be known for several years, such leaks in the past have led to “identity theft, impersonation and even tampering with national security.”

Screenshot of the website of the Elector elections data app, taken February 10, 2020.

Twice in two weeks last month, Likud’s online voter-tracking efforts have resulted in leaks of the entire database of Israeli voters, including names, home addresses and other details, to the wider internet.

The first breach was one of the largest and most compromising leaks of Israelis’ personal information in the nation’s history, leading to the party being investigated by authorities for possible violations of election privacy laws.

A petition filed to the Central Elections Committee accused Likud of using its access to the official voter registry to create a database of all voting-age Israelis that it then made available to its grassroots activists through the publicly available app Elector. The app is intended to enable political parties to conduct real-time data-crunching on election day, showing vital ground-game information on individual voters, polling stations (including rates of support for a party by station) and regions. But a flaw in the app’s web interface gave “admin access” to the entire database, allowing anybody to access and copy the Israeli voter registry, along with additional information gathered by Likud about hundreds of thousands of voters.

The exposed database includes the full name, sex, home address and in many cases cellphone number and responses to political polling for 6.5 million Israeli adults.

The second leak was caused by faulty data protection on Elector, which Likud used to register and assign its election-day observers to ballot stations around the country.

There has been no immediate evidence that the exposed information was downloaded by foreign actors before the vulnerability was discovered.

Illustrative: Officials count the remaining ballots from soldiers and absentees at the parliament in Jerusalem, a day after the general elections, April 10, 2019. (Noam Revkin Fenton/Flash90)

Likud called the second leak part of a series of “criminal attack attempts against Likud websites” that were being carried out by “criminals acting systematically to harm Likud and the electoral process. Likud has filed yet another complaint with the police and we expect swift action to catch the criminals.”

The Justice Ministry’s Privacy Protection Authority launched investigation into the latest breach. The National Cyber Directorate is also taking part in the investigation.

Senior judges and law enforcement officials were among the individuals whose political leanings were listed in the leaked database, information security researchers found.

Officials are now looking into possible breaches of privacy laws — including handing over the voter registry to the programmers of Elector. Israeli election law gives political parties access to the registry, but forbids handing it to a third party.

Elector was used by other parties as well, including Yisrael Beytenu and in a limited way by some primary candidates in the Labor party over the past year. But Likud was the only one known to have outsourced its voter data wholesale to the app, and Netanyahu has on many occasions urged party activists to use it, saying it would “give us victory” on election day.

Prime Minister Benjamin Netanyahu, center, blows a kiss to the crowd as he’s surrounded by activists during a gathering to show support for him as he faces corruption investigations, held at the Tel Aviv Convention Center, August 9, 2017. (AFP/Jack GUEZ/File)

Likud’s lax data security combined with its fervent embrace of big-data methods for its campaign have drawn a torrent of criticism, especially since past mistakes do not seem to have improved the party’s handling of voter information.

The latest round of missteps follows a voter privacy debacle ahead of the September 17 election. The business journal The Marker reported on September 9 that it had managed to access Likud’s voter database (Hebrew link) through a party website, including information the party had recorded on each Israeli’s relationship to the ruling party. For example, over 600,000 people were listed as “not supportive.”

Comments are closed.