By Steven C. Bennett
Recently, I had the opportunity to teach a short course on data security and privacy at an Israeli law school. The experience was enlightening.
Israel is a democracy with a highly educated, largely cosmopolitan population. It shares close ties with the United States. Yet, Israel faces unique problems of security, and religious and ethnic tensions are palpable. Israel’s legal system, moreover, embodies a unique combination of secular and religious law, with strands of precedent and procedure from many different traditions. The result is a special blend of attitudes on privacy that can only be called “Israeli.
Jewish views on privacy
Jewish scripture has long placed a special emphasis on certain aspects of privacy. One passage refers to the “tents of Israel” in ancient times, and suggests that the openings of tents were deliberately kept from facing each other. From this simple tale, the rabbinic scholars derived a sense of the importance of privacy in the home. Jewish law, for example, forbids a neighbor to open a window on a courtyard (without consent), to guard the privacy of a residence. Jewish law also prizes the confidentiality of correspondence and conversation, strictly forbidding a stranger to read a person’s private letters, and banning eavesdropping.
It was these Jewish views of privacy that Rabbi Shlomo Yaffe, dean of the Institute of American Talmudic Law, recently cited at a program in New York where U.S. Supreme Court Justice Antonin Scalia opined that people with nothing to hide should not be concerned about privacy. “Every single datum about my life is private? That’s silly,” the Justice suggested. Some weeks later, the Justice took great offense on learning that a law professor teaching a privacy course had instructed his students to create a dossier on Justice Scalia’s most private affairs. The students, with no special skills or assistance, assembled from readily-available sources 15 pages of details about Justice Scalia’s private life, including his home address and telephone number, his wife’s personal e-mail address, photographs of his grandchildren, and the names of TV shows and meals that he prefers. Scalia called the exercise “irresponsible” and “abominably poor judgment,” though “legal."
The Jewish view of privacy seems to agree with Justice Scalia’s later statement of outrage at the exposure of his private affairs. Indeed, Justice Louis Brandeis, the first Jewish justice of the Supreme Court, while still a lawyer, famously wrote in the Harvard Law Review (1890) on the “Right to Privacy,” a “right to be let alone.” Echoing (although not expressly citing) Jewish sources on the importance of the separation of public and private life, Brandeis remarked that the law “secures to each individual the right of determining, ordinarily, to what extent his thoughts, sentiments, and emotions shall be communicated to others.” Brandeis worried that “recent inventions and business methods (including the telephone and instant photography) could “invade the sacred precincts of private and domestic life.”
The Brandeis view of privacy did not immediately take hold in American law. In 1928, while on the Supreme Court, Brandeis failed to convince the Court that wiretapping of telephone conversations was unconstitutional. In dissent, Brandeis lamented that privacy, “the right most valued by civilized men,” could be lost through modern technologies.
Eventually, the Brandeis concern for privacy was enshrined in American constitutional and tort law. In 1967, for example, the Supreme Court ruled that wiretapping without court order was, indeed, a violation of the Fourth Amendment. And, over the course of the twentieth century, U.S. courts increasingly ruled that exposure of intimate details of a person’s life, misuse of a person’s photograph for commercial gain, and other intrusions could justify relief. Recently, in New York, for example, Woody Allen obtained a multi-million dollar settlement from a company that used a picture of him dressed as a Hassidic Jew from the movie Annie Hall, without his consent.
Thus, the Brandeis view of privacy, nourished and cross-bred in the American garden of common law, has grown into a broad (though still somewhat vague) “right of privacy.” The Jewish influences and origins of that right, also somewhat obscured, nevertheless can be traced. But what happens when those Jewish seeds are re-potted in another country and time?
Modern Israel and the right to privacy
Since 1948, Israel has grown quickly, from an agrarian, mostly small-town culture, to a modern, increasingly urban, and technologically astute society. Still, there are certain features of Israeli culture that remain rooted in traditional values.
“Jews have always lived together in close quarters,” says one law professor. “They know everything about each other.” A student echoes the sentiment: “In Israel, between every two people who don’t know each other, there is always one who can connect them.”
On the other hand, in enforcing Jewish values regarding privacy, the close, communal nature of Israeli society may offer some benefits. More than 900 years ago, Rabbi Gershom (a famous Jewish scholar in Germany) introduced the concept of a “cherem,” a community boycott applied against those who wrongly read the private letters of their neighbors. This form of community pressure, one student suggests, may still work: “It may be more effective to deal with what is a community issue, in breaches of privacy, with communal tools.”
Even the Army, a near-universal experience for Israeli citizens, offers a mix of experiences that may inform Israeli attitudes on privacy. “What privacy?” one student asks. “The government knows everything about us from the day we join the Army.” On the other hand, the Army is a key element in community building. As one older lawyer explains, recruits may form lifetime bonds in their units. Their annual reserve service, moreover, reinforces those bonds, as a sort of “retreat” from daily business concerns.
Israeli privacy law
The aim of the law, says one student, is to “design a fair and right society,” with people who can “develop and think freely.” Despite these lofty aspirations, Israel has never settled on a single, complete, formal constitution. Instead, over a lengthy period, the Knesset (legislature) has adopted a series of “basic” laws, establishing the essential structures of government, and outlining fundamental rights.
In 1992, Israel adopted a basic law on Human Freedom and Dignity, which, among other things, recognized that “all persons have the right to privacy and to intimacy.” The basic law, in a classic restatement of Jewish concerns for private life, declares: shall be no entry into the private premises of a person who has not consented thereto,” and “there shall be no violation of the confidentiality of the spoken utterances, writings, or records of a person.” A Secret Monitoring Law, moreover, specifically precludes “listening in” (wiretapping) conversations without consent or court order, and a separate Protection of Privacy Law requires registration of mass databases with a central government authority.
In 1998, moreover, Israel adopted a Freedom of Information Law. And the Israeli Supreme Court has enforced the principle of openness in government, requiring (in one famous case) that Knesset members reveal the terms of the coalition agreements they sign.
Despite these basic laws, a recent report of government and academic experts (the Schoffman Committee) suggested that Israeli data privacy law requires stepped up civil (and even criminal) law enforcement efforts. The report criticized administrative regulation of privacy, and recommended some form of class-action device to aggregate small privacy claims that might otherwise escape judicial attention. The report also suggested development of a data breach notification law to ensure that individual citizens are made aware of compromises of their personal data.
Partially in the wake of these reform concerns, the Israeli Law, Information, and Technology Authority (ILITA), an agency within the Justice Ministry, recently commenced operations. Although small (with a staff of less than 10) the Authority is growing in influence. A recent ILITA conference featured a large and lively audience intent on debating the best means to improve Israeli data protection and privacy.
In December 2008, moreover, Israel’s new anti-SPAM law went into effect. The law, consistent with European practice, adopts an “opt-in” approach to commercial messages. Consumers must affirmatively choose to receive advertising. Advertisers who violate the law are subject to serious fines.
National security concerns
“We are living in a police state. You must get used to that fact,” said an American-born Israeli lawyer over dinner in Jerusalem. “The need for security is paramount.” A student emphasized that “when it comes to fighting terrorism,” a person “has to trust someone,” and “it might as well be your own government.” Another law professor went further: “Privacy is a liberal western concept. It is not part of the Middle East. Besides,” she said, “it is ‘survival first’ here.”
In Israel, says one student, “security” is almost a “religious, holy” word. Israelis well know the forces arrayed against them and the real risks of terrorism. Tzipi Livni, then foreign minister of Israel, warned the United Nations in October 2007 of a “global battle” with extremists in which Israel was “on the front lines.” Israel, she said, faces daily suicide bombers, rocket attacks, and more.
Tensions have only increased since then, with the election of a more right-oriented Likud coalition government, led by Benjamin Netanyahu. During the election campaign, Netanyahu suggested that the Israeli incursion into Gaza did not go far enough, and that “extremists” would continue wherever Israel relinquished control.
In this highly-charged atmosphere, one might expect some imbalance in Israeli views on the trade-off between security and privacy. Yet, the imbalance is moderated by genuine concern for personal freedom. In the classroom, for example, students vigorously debate the issue. “They are experts,” says one student, referring to security personnel. “Not like the Americans bumbling at their airports.” His classmate disagrees, suggesting that those in charge of the most sensitive information “may not always be qualified or experienced enough.” Besides, she says, there is too great a temptation to target those who speak or look Arabic: “It’s discrimination,” she concludes.
And the consequences can be harrowing. One student told a frightening tale about a drive to Be'er Sheva. Suddenly, his vehicle was surrounded by Army scouts with rifles pointed directly at him. They checked his identification and let him go with a brief explanation that he was driving a car that resembled one mentioned in a terrorist alert. Others in the class murmured that this scene is not unique. The pervasive sense of surveillance, they said, can be unsettling.
New technologies, moreover, increase the prospects for surveillance and government data control. Pending before the Knesset, for example, is a bill to create a biometric registry, including fingerprints and digital photographs, for use in all Israeli identification cards and passports. The system would create a national database, registering information on all citizens and residents. A similar system is already in use at certain Palestinian border crossings, and at the Ben Gurion Airport.
Concerns about such systems evoke deep-seated memories. Given the history of the Holocaust, “there is a very uncomfortable sensation of the moral implications of such a [biometric] database,” writes one student. Indeed, the head of the Israeli Bar Association Committee on Privacy Law severely criticized the database, noting the risk that it could be hacked by data criminals, or even terrorists. Further, he said, the “government will make potential criminals out of every law-abiding citizen.” Another law professor (and advisor to the ILITA) suggests that there is no real security need for the database. The Israeli Security Agency, he said, already has sufficient information regarding real security threats (versus the mass of citizens who would become subjects of the database). Yet, the effort has strong support in the Knesset, and may be adopted this year.
Future directions for Israel
There are very few degrees of separation between Israelis and Americans. Israelis embrace American fashions, language, and business customs. Yet, in the privacy arena, Israel has much more in common with Europe than the U.S. The European Union has adopted more comprehensive and stringent directives on privacy protection than has the United States. The Europeans, moreover, set the “tone” for Israeli views on privacy regulation. Israel has worked hard in recent years to convince European regulators that its privacy-protection system is “adequate”—a term of significance in European regulation. Yet, the European Union may be influenced by the politics that so pervade all foreign relations with Israel. “We were told by the EU: ‘When you stop killing kids in Gaza, we will certify you,’” said one advisor to Israel’s mission to the EU.
Still, the parallels to Europe will almost certainly persist. Despite the Holocaust experience, Israelis, much like Europeans, largely depend upon their government for security and welfare in ways that may seem excessive to Americans. Israelis did not suffer through Johnson and Vietnam or Nixon and Watergate. And, in an inversion of Pogo, “they have met the government and it is us.” Thus Israelis, like Europeans, may spend more time fretting about unnecessary interference with consumer and employee privacy, and much less time worrying about the government.
Steven C. Bennett is a partner in the New York offices of Jones Day. The views expressed are solely those of the author, and should not be attributed to the author’s firm or its clients.
Impact of law on privacy policies, practices
Researchers from the University of Haifa and Tel Aviv University studied Israeli Web sites’ compliance with information privacy regulation to determine what impact, if any, the law has on Internet privacy.
For the study, “Does Law Matter? Informational Privacy and Online Compliance in Israeli Web Sites,” law professors Michael Birnhack (Tel Aviv University) and Niva Elkin-Koren (University of Haifa) examined nearly 1,400 active Israeli Web sites, finding that the majority fail to follow the letter of the law when it comes to protecting users’ personal information.
Specifically, Birnhack and Elkin-Koren examined:
* Legal requirements that apply to information privacy practices under Israeli law
* Web sites’ privacy policies
* Web sites’ privacy practices
The researchers determined that legal compliance among public and private-sector sites was relatively low (16-22 percent). Popular and “sensitive” Web sites had better compliance levels and fewer violations, according to the researchers’ report.
“The overall picture that emerges from the findings is one in which the law seems to have only a relatively minor role in shaping users' 'privacy experience' online, with other forces and factors clearly at play,” the researchers wrote.
Birnhack and Elkin-Koren also noted that commercial enterprises with more robust legal bandwidth seem more likely to comply with privacy regulation, while small enterprises with limited legal counsel resources seem less likely to comply. This, they say, “is a troublesome conclusion, given the increasing threats to the privacy of users in the Web 2.0 environment.”
For the full abstract, or to download the report, go to: http://cyberlaw.stanford