Intellect or Insanity, Jonathan Klinger's Blog

0.
Israel is to attempt, again, to pass a bill that authorizes police officers to issue warrants to Internet service providers to block or restrict access to specific websites involved either in gambling, child pornography or copyright infringement. The bill itself proposes that such administrative procedures shall be clandestine and that court decisions shall be made ex-parte, where some of the court’s ruling will not be even disclosed to the owner of the website, and the court may hear and use inadmissible evidence.

In my opinion, one of the saddest things in a democracy is that powers with authority can change the rules after the game commenced. This is story with blocking of gambling sites, an experiment which began around 2010.

Fortunately, after a lot of hard work by the Israeli Internet Society, The District Court of Tel-Aviv quashed the block and ruled that the police had no authority to order Internet service providers to block access to certain sites or IP addresses (decision now on appeal, see the Hebrew original ruling at AA 45606-10-10 ISOC N. Shachar Ayalon).

However, Israel is famous for presenting bills that bypass constitutional rulings, and now wants to reassert this authority, without limitation, by presenting a new bill: The Bill for Restricting Uses for Preventing Crimes (Amendment – Restriction of Access to a Website and various revisions),2012 , (Google Translation).

1.
You can read a bit more about the bill at Oded Yaron’s article at Haaretz.com (behind a paywall). In general, the bill’s purpose is to circumvent the relevant court ruling and allow the police to block websites. In the district court ruling, the police’s authority to shut down gambling houses cannot apply to websites. However, the bill’s current wishes seem to be broader:

Had a certified police officer reasonable grounds for suspecting that the website is used to commit an offense specified in the Second Schedule [gambling, child pornography or copyright infringement - jk], and that there are reasonable grounds for concern that the website will continue to be used for committing a crime unless access is restricted, he may issue a warrant for Internet Service Providers to limit the access to that Web site; a warrant under this section may be issued even if the website also contains activity which is considered legal [or legitimate - jk] provided that the illegitimate activity is the main purpose of the website.

Now, as befits any modern legislation, justice it made but us not seen. Article 3 of the bill discusses execution of additional warrants, where everything shall be made ex-parte:

“material relating to the request to extend the validity of an administrative restriction or information based on which such request and any other material provided subject of the application process will be made to the judge only; material will be marked and returned to the police officer or authorized claimant (in this section the applicant) after examining “

But it’s not just that material will be ex-parte; in some cases, the ruling itself may be withheld from the appellant. “The court shall notify the owner or occupier and the police officer on its decisionunder this section, and it may determine that the decision, or parts of it, shall be confidential“.

2.
This means Israeli that citizens may find themselves in a situation where they are subject to a warrant which is confidential. In such case, They will not be able to challenge such an order, because the grounds for the decision will unlisted . Sounds interesting? Well, I remind you that when we discussed that Communication Metadata Law, which allows police to receive GPS data on phone and Internet subscribers and records of their phone calls, everything was made in confidential decisions (with no further judicial review on them). Therefore, do not know how the law is implemented, how these requests really served illegally, and how judicial review works.

3.
The bill itself is absurd if you understand the Internet: everybody knows that no matter what order blocking a given Web site, its validity is about as much as an order of Police fires in summer temperature does not exceed 25 degrees Celsius (or if you’re in the US, that it won’t snow on Christmas). I mean, okay, ISPs will restrict users from browsing, but that’s not actually something that works (proxy servers et all).

4.
But of course there’s the issue of the slippery slope. The original act, which is to be amended by the bill, gave a judge the authority to issue a warrant under careful review; however, the bill conveys this authority to a police officers.

5.
What about additional uses? Well, in order to pass the bill, the police began with abhorrent offenses considered: child pornography and gambling. Clearly, no one will oppose the authority to block such websites if he’s not a pedophile or a gambler. Well, not really. That’s why the phrase “Second Schedule” is used to described to offenses that are subject to this authority, in fact the bill asserts a short list of offenses, where the minister of justice can always add additional offenses. Once the bill is passed, no one can be certain that no additional offenses will enter there.

6.
The real danger here is practice: in the same week where we discovered that the military police apparently investigated a blogger which was exposed using the metadata act without respecting his journalistic immunity and confidentiality of sources, and on the same week as the non-democratic nations want to rule the internet through the ITU convention, Israel decides to publish this bill. And why? because Israel deems it ok to gamble all your money is the state lottery, but not right when you give money to foreign websites.

A rumor was spread that Israel was the brain behind an elaborate trojan horse, Stuxnet, which alegedly penetrated into the Iranian nuclear reactor and apparently caused damage. the trojan horse contaminated some civil facilities as well. The trojan horse, which utilizes no less than four different zero-day vulnerabilities in Microsoft Windows seems interesting and elaborate. However, the alleged involvement of Israel, alongside the claim that civilian facilities were damaged in the act, raise one interesting question: Could there be electronic war crimes?

The Public International Law, which bases the humane treatment to civilians in the different Geneva Conventions, sets the standards to use in times of war and defines acts prohibited by states in order to keep wars as civil as possible. The different conventions limit force and sanctions against civilians, but do those treaties and conventions apply on electronic warfare?

Prima facia, article 53 to the fourth Geneva Convention which deals in protecting civilians in times of war states that “Any destruction by the Occupying Power of real or personal property belonging individually or collectively to private persons, or to the State, or to other public authorities, or to social or cooperative organizations, is prohibited, except where such destruction is rendered absolutely necessary by military operations“. However, the fourth convention applies only, in this article, to occupied territories (Prosecutor v. Dario Kordic, Mario Cerkez). In contrast, the 1977 protocol amended and added to article 51 and stated that “Indiscriminate attacks are prohibited. Indiscriminate attacks are:those which are not directed at a specific military objective; “. Meaning that an electronic attack against civilian property that couldn’t discriminate between military and civilian facilities are prohibited (However, most states have not adopted the 1977 protocol).

Jack Goldsmith states that the inability to determine which computers are military and which are civilian may protect the use of computer viruses in electronic warfare, but I reckon the other way around: In the same way that indiscriminate shooting against innocent civilians is a war crime, so is using a trojan horse that does not differ civilian and military computers. The indiscriminate use is as prohibited as the use of chemical weapons which cannot discriminate civilians and soldiers. It is not a coincidence that the terminology is the same: computer or biological viruses.

And what about the civil liability? Theoretically, the state immunity (and liability) should be limited in times of war (and see, in IsraelThe Act of Civil Torts (State Liability) 1952) and the state should not be liable for acts where the state protected itself; however, this doctrine should not be used in cases where civil damage arose when the state knew, should have known and forseen the damage (HCJ 8276/05Adallah v. Minister of Defense). Therefore, the civilian casualties in Israel’s alleged cyber-attack should have liability against it.

Intellectual Property laws have more than a few political implications; many times issues of political speech interfere with copyright. For example, Shepard Fairey, an artist who authored the famous “Hope” poster for Barack Obama, was sought by the Associated Press for copyright infringement as the image of Obama was based on a copyrighted photo (and in Israel, a the Supreme Court will soon hear a similar case, RCA 7774/09 Weinberg v. Weisshoff, where the Defendant is sought for copying a photo the Plaintiff took into a coin made in memory of the assassinated prime minister, Yitzhak Rabin). In another case, the US Senate candidate, Sharon Angle is sought by the proprietors of rights to newspaper articles for presenting copies of the articles which she appeared in, on her personal website and there are more cases; mostly, these cases are borderline in relation to copyright protection, but they are classical monetary suits, not political.

In contrast, the story which was spread on the press during the last few days was not less surprising, but at least ended in an interesting manner. Two days ago, the New York Times reported that the Russian government and police use copyright laws in order to supress political dissidents. The system worked as follows: The Russian police used its granted authority to enforce copyright laws in a violent manner (and it did so in the past, where it sent a school principal to prison for using unauthorized copies of Microsoft Windows) and claimed that copies of Microsoft Windows installed on the dissident organization’s computers are unlicensed (pirated – jk); In Russia, where the unlicensed software rates are only second to the Israeli conviction rates by a person’s confession, it is more than likely that a political organization will use unauthorized software>.

First, it was reported that Microsoft encouraged the enforcement as a part of its zero-tolerance to copyright infringement policy; however, after suffering from damage to its public image, apparently, it decidedto reform its licensing policy, so that a general license will be granted to non-profits in order to protect them from political pursuit. In a post published by Brad Smith, Microsoft Senior VP and Counsel, he explained that Microsoft could not be a part of this and must take an ethical stand.

The claim may be true, but it could also reflect a wise business approach. Until today, Microsoft profited from unlicensed use in 3rd world countries. Microsoft also knows that if raids like this will continue, dissidents will stop using Windows and move to open source software, and primarily Linux, in one distribution or another. Moving to Linux is unilateral, it changes a person’s point of view: from organization that were dependent of a specific software to a part of a larger community; Most organization who hear about open source are enchanted by it, they have an option to donate, contribute, change, share information and not just run the program.

Moreover, Privacy Enhancing Technologies are more available on open source operating systems. From the EXT4 file system which comes by default in Ubuntu and encrypts your hard drives (similar to Microsoft’s BitLocker, but it just works), through TOR servers who reduce censorship: Open Source is the new heaven of dissidents.

Therefore, Microsoft’s blanket license comes to heal a small shallow scratch, not the problem: Copyrights are ill, and Microsoft took the right way to take care of it: acknowledging that non-profit use is fair and allowed. However, until further technologies, innovative ones, will protect dissidents, the raids will continue. Today it’s the operating system, tomorrow, the word processor, afterwards? image editing programs.

0. Abstract
Could a state with no secrets function better when protecting national security than a state that keeps information away from the general public? In this brief article, we will inspect the reasons for keeping classified information, what they are meant to protect and how they protect national security. We will present the method used by Israel, which is similar to most states. Israel’s approach, which is to keep all the information from the public, failed in general and caused nothing but costs on privacy, freedom of expression and national budgets.

Following our review, we will compare the classified information model to a model in information security, called Security through Obscurity and present how this model was perceived as flawed. Against it, we will present the Open Source Model, which creates transparency towards the general public, allowing it to inspect the security flaws, and therefore creates stronger protection.

Our conclusion would be that better national security could be reached by removing all classified information and disclosing all information to the general public. We believe that by making the information public, the cost of the censorship apparatus will be eliminated. We also believe that by adopting a ‘no classified information’ approach, governments may improve physical security when they rely on the foundations of open source security as detailed herein.

In my brief argumentation I will use the Israeli law, but provide some examples from other cases.

1. Classified Information and what it Protects.
Every state has its secrets. States choose, in certain cases to classify information from the general public. Classifying information goes back as far as Greek times, and goes under the standard four categories: Top Secret, Secret, Confidential and Restricted. Israel has four apparatuses which are in charge of Confidential information: The Information Security Department, whose goal is to prevent classified information from leaking from the army, The Military Censorship, which operates under the Defense Ordinance (Time of Emergency), 1945, that controls media publication and telecommunication, and has authority to refuse the publication of any information that has any relation to national security, the General Security Service (Shin Bet) that acts according to the General Security Service Act of 2002, where clause 7(2) allows the service to classify documents and determine how to handle such documents and the Director of Security of the Defense Establishment, which is in charge of security in military industries, research facilities and other national security industries.

Some authorities in classifying information do not appear to exist in laws, and some operate under the vague and broad exemption added in the Freedom of Information Act, 1998. Clause 9 to the Israeli FOIA exempts disclosure of any information which may harm national security, foreign relations, public safety or a person’s well-being. Even in cases where classified information was disclosed, the courts still allowed the security agencies broad discretion as to what to blur out (HCJ 258/07 Zehava Galon v. The Governmental Committee for Inspecting the Battles in Lebanon 2006)

But what constitutes as confidential information? There are no actual guidelines for applying what is confidential and how confidential specific documents are, and every document that contains ‘information’ as defined in the Israeli Penal Code, in part II, chapter 7, the Penal code provides a broad definition, inflicting legal sanctions on disclosing any information to an enemy where it might be useful to him (clause 111). Confidential Information is defined as any information where national security requires keeping it secret, or information relating to any matter that the government, with the consent of the parliament committee for foreign relations and security, declared as confidential. Critics to this arrangement offered an amendment, but following the Parliament’s research center’s comments, these amendments were not implemented.

The burden of proving what constitutes non-confidential information lays on the defendants in cases (see, for example, CC 1055/01 State v. Yacov), in Yacov, the court explained that while “the military censor is qualified to strike out information which is most-likely about to severely damage national security”; the penal code is wider, and applies to cases where national security requires keeping it secret.

In another interesting case, the widow of a person who worked in the nuclear research facility requested to receive the results of an epidemiological survey between the facility’s workers which the facility took. The State declined to provide the information by explaining that it relates to national security. However, when the court rejected the state claims, it expressed criticism over the state’s conduct: “the state wiggles in its arguments and cannot point to a normative authority where it draws the classification of the information. It is, according to the state, basic foundations, but these basic foundations have to be applied by the General Security Service Act, 2002, and the rules according to it (which are classified, so the state cannot disclose them to the court, but as a graceful act the state is willing to summarize them)” (CA (Tel-Aviv) 2571/01 Hanna Hizi v. State ); the court itself explained that it cannot understand classification, and the state has to acknowledge the differences between confidentiality and classification. Classification does not create basis for exclusion of evidence, and unless the state decides to exclude an evidence by means of national security according to the Evidence Act, 1971. However, in cases where the court finds the evidence may have had something to assist the party who wishes to submit the evidence, then the state shall default (OCR 2489/09 Zeev Braude v. State).

The Israeli Supreme Court deal with the question of what constitutes classified information in Vanunu (CA 172/88 Mordechai Vanunu v. State); in Vanunu, a former worker of the nuclear research facility was charged for espionage when he disclosed information regarding Israel’s nuclear activity to press agents in the UK. The supreme court decided to convict Vanunu for collecting and disseminating information to the enemy. The court analyzed this clause and explained that “He who provides information to the enemy; meaning, any information, even if it is public information arising from the press, his activities fall into clause 111”. Therefore eliminating classification need at all.

What Does Classified Information Protect? The question of what classified information protects is a difficult one to answer. Some claim that the purpose of classifying information is withholding it from foreign agents, and explain that when many people have access to certain information, it harms national security. Classifying information makes it harder for counter intelligence and foreign military forces to obtain information regarding a state’s forces, and allows it to operate where the other party does not know its rules of engagement, its powers, officers, or even defense mechanisms.

But the real question is how much this information, used by foreign intelligence,  endangers national security , and does the burden of protecting this information overcome the value of keeping it secret or not.

When the classified information is the actual secret (e.g the actual location or time of a specific operation) then it is assumed (though not significant) that information about the operation that becomes available to hostile forces may lead to less successful results, at least. There are specific sets of information that are considered confidential and are not pieces of information that have (statistically insignificant) connection to current, ongoing operations or other information that if leaked may cause damage to national security.

For example, the actual existence of a specific weapon or the location where a missile fell after an air-strike cannot be considered a state secret for several reasons: the first is that it is not kept away from the public; as what the general public sees cannot be considered national secrets. For example, during the 2006 war, the military censorship requested Tapuz, Israel’s largest forum operator, to censor posts made by civilians about where Hizbullah missiles fell. Another case  where information that is in the public’s plain view was considered confidential was when Parliament Member Yossi Sarid threatened that he may disclose information about weapons used by the IAF after the IAF killed and wounded dozens of Palestinians, including civilians, in weapons that were allegedly in plain view.

Another case where public plain viewed information was considered confidential was when Israel denied using phosphorous during the Cast Lead Operation of 2009, where the evidence was left in the Gaza Strip, which allowed the Goldstone committee, which inspected Israel’s activity following the operation, to find that Israel’s denial was false. So, in this case, how could the use of phosphorous be considered confidential information where there is evidence in plain view regarding the use?

Therefore, confidential information could be considered confidential as long as no public information regarding it exists. For example, the location of specific military or nuclear facilities that are located close by to cities and have road signs directing to them, could not be considered confidential information. Israeli Blogger Ido Kenan points out that Israel has a policy of withholding this confidential information in road signs presented in Arabic, and leave the confidential information only in Hebrew and English.

In conclusion, classified information in Israel is defined in an overbroad manner, containing information that may be considered in plain view and known to the general public. By acknowledging this flaw, we may understand the basis of information security and examine the weak points of such method of information security.

We believe that there has to be a difference between the classification of security mechanisms by themselves and information (data) which relates to specific, mission critical, information that is classified. The difference is between information regarding the existence and functions of a specific unit, its weapons , its history, and current plans regarding  an operation.

2. Security By Obscurity, A Problem
2.1 Security By Obscurity
When trying to protect information in a digital environment, there are two popular methods used by Information Security experts. The first is Security through Obscurity: this method, which is quite similar to the Israeli Classified Information method or approach, hides all information related to security from plain view and classified it as confidential; by using this method, “a system relying on security through obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that the flaws are not known, and that attackers are unlikely to find them”. The model bases itself on the fact that others are unaware of the activities taken and that most confidential activities could be disguised from plain view.

However, the flaws of this model are that the secrecy of the information is exactly what lets security flaws to remain secret as well. For example, GSM encryption was hacked during 2003, and again during 2009. These hacks were published to the public because they were a part of academic researches; however, in certain cases the hacker may not be so eager to publish its research. In some cases, employees or contractors may sell known exploits which were not taken care of and criminals may sell unknown exploits either to other criminals or to the company itself. Moreover, relying on a sole provider to fix the security breach could sometimes cause more problems.

The main disadvantages of Security through Obscurity may be summed up to: (1) few people inspect the system for flaws, and sometimes actually inspecting the system may be considered illegal; (2) hostile entities reviewing the security of the system do not disclose their results; (3) dependency on one vendor/provider to review and fix security breaches.

2.2 The Open Source Model.
In contrast to Security through Obscurity, Open Source advocates rely heavily on Security Through Transparency, using this method, the algorithms and software used to encrypt or protect information are known to the public, providing the public an efficient way to report security vulnerabilities, and even to propose bug-fixes. The more people have the chance to inspect the security mechanism, the safer they will be.

For example, Security firm Secunia found that more security flaws were found in the Open Sourced Firefox than in proprietary code browsers, but the number of Zero-Day unpatched flaws was significantly lower and so was the time that it took to fix any flaw. By making all of its information public, a software vendor may create better security and allow any researcher to discover flaws. Moreover, transparent security mechanisms may also deter hackers from looking how to circumvent zero day flaws in fear of being caught (See aso, David Wheeler, “Is Open Source Good for Security?”).

The Open Source Model does not ignore the basic concepts of information security, but it acknowledges their flaws and attempts to build better models.

3. Could Building a Transparent State Solve National Security?
Could we imagine a state where all public information could be deemed as non-confidential, security mechanisms would be public and open for scrutiny and confidential information would be reduced to a minimum? We believe so.

Currently, a state like Israel has to operate counter intelligence just to solve the problem of collection of plain-view information and to protect from hostile action. When operating an open source model, counter-intelligence could be abandoned and replaced with crowd sourced models, which will help to build stronger mechanisms of protection.

Moreover, removing the ambiguity relating at-least to nuclear weapons in Israel would assist deterrence and strengthen national security. Weak points  in Israeli theoretical protection would be visible to the public and could be fixed quickly; moreover, the actual items that require protection could receive the needed funds and resources to protect them.

3.1 What is there to lose from revealing all classified information?
While we do not necessarily wish to reveal all information, certain information relating to means of operation and security regulations have to be declassified. For example, both the General Security Services Act and the recent Inclusion of Biometric Information and Data in Identification Documents and Database Act of 2009 state that all regulation and orders will be classified, as well as any information regarding security breaches. Moreover, when discussing the act in Parliament, security experts raised concerns over the database possible flaws, and the Minister of Interior, Eli Yishai, ordered to open the security protocols for discussion, but such discussion was never made. Keeping the database, as well as security guidelines and notifications of security breaches secret seems good in the eye of a person who thinks that an enemy may abuse such faults; however in the eyes of a security researcher, these allow zero day flaws and known vulnerabilities to be used against the database  (see, for example) and allows a false feeling of security.

The only thing that may be lost when protocols, orders or regulations that remain secret are disclosed is the misconduct of an authority or its acts against the law; for example, as a result of Israel’s Freedom of Information Movement’s appeal, it was revealed that the cellular companies were required to adhere to secret regulation regarding cooperation with intelligence agencies and disclose subscriber information.

Therefore, when the governmental default approach is that there is no need for privacy unless a person has something to hide from the government (which seems to be the default approach when discussing the Israeli government, as the Biometric Database Act, the Criminal Order (Submission of Metadata) Act of 2007, and other statutes turning Israel into a surveillance state) then the default approach towards the government should be that all its secrets are meant to cover up unlawful activities.

3.2 What is there to gain from revealing all classified information?
First and foremost, the Israeli Government may regain public trust by disclosing all activities. The Israeli public, for example, strongly believes that the Biometric Database will leak, mostly due to the fact that quite a lot of sensitive data has  already leaked from Government databases and that 70% of the general public does not trust database protection in Israel. A different survey by Symantec found that 60% of the people do not trust the government with their private or personal information.

The feeling of misused trust may be healed and cured when disclosing information regarding data breaches and information security to the public. But more than that, apart from public trust, the government may gain better protection of its classified information. The Israeli government may adopt what computer giants like Google and 3Com already did, and that is to pay for every security breach found.

Currently Israel has many unknown security flaws, which remain confidential until a hacker gets caught. For example, Israeli white-hat hacker Moshe Halevi (Halemo) was charged for hacking when he used a pre-paid credit card to show that the Israeli Fines and Fees Center had a bug in the URL handler that allowed resetting a person’s fines. In a detailed case (C 9497/08 State v. Moshe Halevi) Judge Avraham Tenenbaum explains why Halemo’s activity was not hacking, but was solely security checking (a similar case, CA 8333/03 State v. Mizrachi, explains that port-scanning cannot be criminal if done for a cause of security inspection). Therefore, we can argue that the state has a compelling interest to discover flaws.

3.3 The state’s approach to security flaws.
However, we see that in most cases the state prefers to withhold information from the public regarding security flaws and to litigate against persons discovering such flaws. Moreover, when flaws are found, usually adopting the Security through Obscurity approach shows that the way the state fixes the vulnerability is not only insufficient, but negligent.

In one case, white-hat hacker Halemo discovered that the Israeli Court System’s website discloses Judge’s ID Numbers (equivalent to Social Security numbers). The way it disclosed them was that the URL Source of the Judge’s page in the website was his ID number. After the flaw was exposed, the state went to fix the flaw, and replaced the ID with a Base-64 representation of the number.

However, if we require the state to disclose its means of security it would have to disclose how the judges ID numbers were encrypted or protected, and therefore every person would have understood that neither plain-text nor base-64 are good enough mechanisms to protect sensitive information.

4. Applying Software Solutions to State Secrets: A Conclusion.
We believe that not all information has to be public. There are things that are better off secret. However, if we learn from information security methods, we must acknowledge that better security could be achieved when disclosing more information to the public. Applying the open source model of information security allows transparency in decision-making, better algorithms, less resources on counter-intelligence and more resources to allocate to what is mission critical information.

Moreover, better trust could be gained between governments and citizens, reinforcing the social contract and allowing better results in political participation.

Currently, governments over trust security through obscurity when operating mission critical processes, and therefore, when flawed, the flaws and results are enormous. Utilizing open source models could prevent mishaps such as Israel’s phosphorous use, George Bush’s Weapons of Mass Destruction lie and Israel’s racial profiling in Airports as a mean of security.

Israeli racial profiling is such a great example, as it is highly efficient nowadays and even better than the US TSA guidelines but bases itself mostly on the assumption that Jewish nationals may not be considered a threat to national security but Arabs may (HCJ 4797/07 The Israeli Association of Civil Rights v. The Terminal Security Authority, Pending decision). As long as the security guidelines were secret, it seemed amazing that no security flaw occurred. However, now, that the guidelines are known and understood, it is easier to design a mechanism to circumvent them. Therefore, even adopting new guidelines will be useless, as they are inefficient (unless based, again, on racial profiling).

Therefore, in order to regain national security, Israel will have to change its approach to the Open Source Model before a major security event occurs that will make it understand that this is the only option. Staying in a Security through Obscurity approach could protect confidential information, but it cannot protect national security.

“I don’t think that there are many tragedies in China and there are no serious problems in china as long as you don’t fuck with the government“; that’s what John Perry Barlow said when Ido Kenan, Jonathan Silber and I interviewed him on August 2007. Barlow was enchanted by china so much that it seemed to forget that we have an inherent right to fuck with our government.

However, if you see Hillary Clinton‘s attack on China which marks the shot for the next world wide war, the war on information freedom, you need to think twice. Indeed, the alleged actions by China were hideous. Entering into a dissident’s email account and exploing zero-day vulnerabilities in Internet Explorer (the same browser that the Israeli Government requires people to use in order to interact with it) and Adobe’s Acrobat Reader is no less than troubling. However, Clinton’s rage on the involvement, censorship of political websites that try to undermine the government and reading personal emails was that it was blocking free trade. Therefore, China’s response was no less obvious: China reckons that Clinton (and Google) should obey the local laws, which include China’s ability to monitor and enforce the net.

Whether Clinton (and Google) are right, and whether China is right, one should still see Clinton’s hypocrisy.

During the same week where the United States decides to pick on China, we discover that the FBI made warrentless surveillance and obtained data illegally claiming that these activities were made against terror suspects. The US also performs warrantless and causeless searches in laptops when crossing the US border, copies their content and violates the privacy of those who enter the US, and even without need for cause. Meaning, the United States’ conduct is no different than China; The only difference is that the US performs this due to rules and regulations and China hacks.

“It is easier for the United States to point at China and say that they have a human-rights problem than to look at themselves”, Barlow said. But the Democracy residing in Zion is not innocent. When we blame China and stand next to our greatest friend we have to remember what Israel has been doing during the last year. Just last year we buried the Internet Censorship act, and now a new bill by Danny Danon threatens the freedom of the net, where the bill, if passed, will allow the Israeli government to shut down websites harming the Government’s stability, or sites which risk national security. More than that, the MetaData act in Israel allows the same crimes we blame China: our phone and Internet providers must provide the government with details about their users.

Israel already addmitted searching Mordechai Vanunun‘s computer when violating the law and tapping his emails; the same actions China made and is being blamed for; we just call these actions “National Security”

[Originally Posted in Hebrew on TheMarkerIT]

Written with Adv. Effi Fuks, LL.B. for the International conference on Online Dispute Resolution taking place at Haifa University today.

Abstract: The Israeli Legal system suffers from great burden and lengthy processes. While initiatives try to narrow the Israeli supreme court’s authority and open new courts, the Israeli courts have tried to implement a”paperless court” solutions but have yet to succeed in implementing its solutions in the legal community. This Paper presents the problems facing today’s legal community and its digital divide, while inspecting the ability and incentives in moving to a paperless solution.

Our solution to the problem, using the current legislation and based partially on the current unpopular and costly arbitration process, shall include implementing an Internet based arbitration mechanism. this mechanism might bridge the digital divide and allow parties to inspect prior decisions and experience of arbitrators,  thus opening the process for public inspection and allowing precedent-based decisions while allowing all parties access to relevant decisions and documents, it may lower negotiation costs and shorten the legal process dramatically. Based on an open source platform, we enable institutions to install, adapt and modify the solution and to conduct hearings, processes and arbitration.

persons will be able to overview the legal proceeding and inquire witnesses via existing technologies and at minimal costs, while keeping a video archive of witness questioning and a written archive of affidavits to allow litigants future use of the archive in writing their closing arguments. The system itself shall be configured to allow quick dispute resolution when there is no or little dispute, while relying on documents only (similar to the procedural fast-track).

—

—
Bibliography

Engert, A., Norms, Rationality, and Communication: A Reputation Theory of Social Norms, 2002, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=323020

Guadamuz, A., eBay Law: The Legal Implications of the C2C Electronic Commerce Model, 2003, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=569102

Katsh, E., Online Dispute Resolution: The Next Phase, 2002, http://www.lex-electronica.org/docs/articles_140.htm

Reports:
Israeli Bar Association, Satisfaction survey on Net-Courts, 2008, http://www.israelbar.org.il/UpLoadFiles/net_hamishpat_survey_of_satisfaction_june_2008.pdf

Israeli Court System: Half-Yearly Report for 01.07.2008 – 31.12.2008, http://elyon1.court.gov.il/heb/haba/7-12_2008.pdf

Solciano-Kenan, R., Reichman, A. & Vigoda-Gadot, E., The Burden on Legal Systems : Comparative Analysis of 17 Countries, available on the Israeli Court webite, http://elyon1.court.gov.il/heb/haba/Courts_burden_Final_report_5.07.pdf

Shtrassberg-Cohen, T., Special Report: Mid 2008, http://www.justice.gov.il/NR/rdonlyres/3F953362-234F-4597-9F58-00519527690C/11474/final.pdf

Shtrassberg-Cohen, T., 2006 Report, http://www.justice.gov.il/NR/rdonlyres/73417BCA-947E-4524-B9A0-CB54BCF5E716/7882/1100.pdf

Press:
Fogel, R., Ness,  IBM and Taldor will pay for the hassle in courts, http://it.themarker.com/tmit/article/2962

Leibowitz-Dar, S., Quick, Expensive and Elegant Ruling, Haaretz, 10.09.2003, http://www.haaretz.co.il/hasite/pages/ShArtPE.jhtml?itemNo=338851

Magen, H., They will eat flies, Globes, 29.09.2003, http://www.globes.co.il/news/home.aspx?fid=2&did=727824&nagish=1

Raz, H., Courts are privatized: a new company will provide court services for people interested in legal fast tracks, TheMarker, 23.01.2008, http://law.themarker.com/tmc/article.jhtml?ElementId=skira20080123_58733&layer=hp&layer2=&layer3=law

Roeh, A., Sharon’s Trial against Ha’aretz: No Settlement, the appeal will be heard, Ynet, 02.05.2001, http://www.ynet.co.il/articles/1,7340,L-711988,00.html

Sharvit, N., The Israeli Bar Association: We’ll recommend not to use Net-Courts, Globes, 30.06.2008, http://www.globes.co.il/news/home.aspx?fid=829&did=1000356820

Yoaz, Y., The Computerisation of Courts will begin in November, It will allow filing of claims and appeals over the web, Haaretz, 12.07.2005, http://www.haaretz.co.il/hasite/pages/ShArt.jhtml?itemNo=598945

Sometimes, we prefer to lose our privacy in exchange for comfort; we do so when we store our contacts on a cellular phone or when we print business cards which we exchange with strangers; the social interaction itself is a difficult and dangerous transaction. However, the real danger lies where privacy and comfort decide to interact, in involuntary exchange of information.

Today’s, Techonomy, a conference about the interaction between technology and economy, was held in Tel-Aviv. The winners of the Start-up competition were face.com. face.com provides a face recognition platform for social networks (in the meantime) which locates images of you and your friends in other users’ tagged photos. face.com’s face recognition is quite amazing and has the ability to find you even when you’re in the background or wearing sunglasses. They are currently in closed alpha, and I had the pleasure to play with it for a few minutes before writing this blogpost (which was sufficient to know that it’s quite efficient).

However, my main concern comes from face.com’s database. face.com can recognise faces of your facebook contacts even though they are not in your albums, but in friends’ albums. This means that by cross indexing a relatively small amount of facebook connectors, face could retain (or store) the facial recognition of a high percentage of users.

Here comes the privacy issue from the privacy freak; however. Now, take Israel’s new attempt to establish a biometric and face database and their recent attempts for installing cctvs and imagine the hypothetical scenario where our benevolent dictator comes and asks face.com’s database in order to examine a suspect in terrorism or issues a warrant to require face.com to search for a specific missing/suspected person in social networks and/or cctvs. Can face.com actually refuse such generous offer?

When face.com only indexes my own photos, and only tags me if I gave my consent (and not opted out) then it’s all yet consensual waiver of privacy; privacy in exchange for comfort, what we usually do. However, when it’s other’s faces, without their consent or knowledge, such a database might be extremely dangerous. I’d love to inspect the guts of face.com’s database and see how can they protect users’ privacy without limiting this application, but if they manage to do that, well, let them sell it to our government

[Again, most court decisions lead to Hebrew links, sorry, originally posted in Hebrew]
A Kentucky Court ordered, in a wrong and misunderstood decision, to forefeit one hundred and forty one domains which were somewhat involved in gambling into the hands of the State of Kentucky. In the decision, granted by the Kentucky Circuit Court, asserted that since the domains were accessible to Kentucky residents, they could be seen as operating illegal gambling in Kentucky (and therefore asserting jurisdiction) and they could be forfeited in order to stop the plague. (81-CI-1409 Commonwealth of the State of Kentucky v. 141 Internet Domain Names) (and see also the Carlton Case CR 90861/07 Michael Gary Carlton v. Israeli Police and Dr. Omer Tene‘s explanation on Carlton)

In order to understand how essentially wrong is the decision, one must understand the forfeiture process (and the court dedicates a full chapter to this). Forfeiture is a semi-civil process where property involved in a crime is conveyed to the hands of the state as the property itself was a part of the criminal process. Forfeiture is not only penal, it is intended to grand a deterring force and prevent a person’s enjoyment of criminal profits. Moreover, the state cannot forfeit property if there’s no hard evidence (and sometimes beyond reasonable doubt) that a crime was made with the property. (CA 4496/04 Majahna v. State, CA 7155/01 Tzameret Billiard Clubs, ltd v. State).

After the court reviews the relevant decisions, it comes to a conclusion that, not only a domain is property per se (and some lawyers claim differently) (see also
how a domain could be foreclosed in Israel, decent disclosure: I wrote some of the court request for Adv. Idan Lamdan). But the court also asserted that the property is no less a part of the crime committed.

This is where my criticism starts to come to action. First, the Defendants and due process; please note the parties’ identity in the court decision, they are one hundred and forty one domains (and not domain owners). As you’ll never see a forfeiture case titled “The State of Israel v. a money pack left by a homeless drug dealer”, you can see the problem here. Therefore, conducting a process against a domain owner (with or without his knowledge) where he is not a party to the discussion cannot be deemed as due process. There’s a similarity between this case and the Israeli Supreme court when Prime Minister Yitzhak Rabin deported 415 prisoners to Lebanon without granting them the right to be heard (audi alteram partem); then, the court gave a unanimous, unsigned decision in a funny manner (HCJ 5973/92 Israeli Civil Rights Assoc. v. Minister of Defense)

Second, it is unclear whether any crimes were actually committed (and compare the “Making Available” reasoning in the Jamie Thomas appeal, 06-1497 Capitol v. Thomas, …). In principio, the state of Kentucky failed to prove that even one person gambled or waged money in each and every one of these websites, it did not prove that funds were transferred and where were they transferred to, it just submitted a negligent request. Meaning, if we compare the domain forfeiture to laundered money, then we did not prove (and especially not beyond any reasonable doubt) that the domains were involved in gambling. As some of the Amici Curiae claimed, some of the domains were no more than spam links or link farms, which cannot be deemed as illegal.

Third, the judge showed ignorance in understanding the poker game when he stated that “in the end, no matter how skillful or cunning the player, who wins and who loses is determined by the hands the players hold”. This shows misunderstanding of the poker process when it misses the basic assumption of the game’s psychology: you play the hand you want, not the hand you have.

Poker could be easily compared to the legal process. As most court cases end in some kind of settlement, and seldom do people get a final decision, so do most poker rounds. Poker players, at least most of the time, aren’t required to show their cards and therefore these cards mean nothing. Like lawyers, poker players play the cards they’re dealt. A lawyer who first hears a potential client can decide whether he takes the case or not according to the chances he assumes; this is quite similar to being dealt a Pocket hand. Afterward, the lawyers start exchanging accusations and letters, where the lawyer could decide to quit or go ahead (pre-flop gambling) depending on his assumption of the other player’s odds and power. Then, the game begins, the flop is being dealt and lawyers start document discovery and pre-trial, where every party tries to bully the other and show him how weak his case is, convincing him to quit. Then, if they remain in the game, comes the real trial and the closing arguments (Turn and River), in any stage, even after the closing arguments, each party could offer (or bully) such offer that will cause the other party to stop. But in the ends, when people show cards, it’s all over and it’s left with the odds. (see Hon. Judge Rachel Greenberg‘s dissenting opinion in Crim 3814/07 State v. Rock Eran).

Now, in some cases, being a good enough lawyer doesn’t really help. Sometimes, your client is a murderer, rapist, thief or just did illegitimate acts in a civil suit. Does that mean you’re not a good enough lawyer? no, it means your client wasn’t good enough. If so, is litigation a wager? Not really, it’s life.

If we leave the sidenote on poker and legal procedure, that I’m still considering legitimate (otherwise, there’s no difference between Poker and the financial market), the question of Due Process was entitled to a more serious discussion. It is not possible that the state of Kentucky decide to forfeit all one hundred and forty one domains without these being under its jurisdiction. The net’s internationalization cannot allow a jurisdiction anything but to reign over it’s physical domain, if not, we might get this website forfeited in Syria, the law is no more than a weapon of mass destruction when put in the hands of the wrong state.

“So? You’ve won” I was told today when the minister of telecommunications, Ariel Atias, notified that he will submit a “Softer” version of the Israeli Censorship act. The problem began when I explained that this is another spin after a “Soft” version was submitted a year ago, and no one thought it was soft (If you can read Hebrew, I suggest you read the interview that Doron Fishler had with me at Nana while I was driving back from Jerusalem).

It’s crucial to understand that in spite of the minister’s claims that no filtering will be made by default, the bill does determine that if you do not answer your ISP’s question whether you wish to filter content or not, you will not be able to access the internet (with one exemption, which is sort of a small victory, regarding existing customers, they will not be filtered).

The question of biometric identification remained open. The minister is still authorised to determine the means who will identify a person as an adult. As long as a person will have to identify itself against its ISP, there is a hatch to allow access to Israel’s establishment of a biometric database (which is currently in establishment) and allow the ISPs to access it by defining them as “Public”.

Moreover, the whole thing around User Generated Content (which Atias avoided) did not get the right attention.Most likely, Atias acknowledges that ISP based filtering (meaning, all of Israel’s traffic will be filtered) has some negative results and that the “Public committee” he established will have to set criterias to filter user generated content, including Israel’s most popular websites.

And maybe the worst problem was that the ISPs did not arrive to today’s discussion while the bill may incur heavy expenses on them. Maybe they know that this fight has to move on to the supreme court. The Parliament members just don’t listen. They just make it hard (and still use the “Protect The Children” dialect while they know that no one will be protected under this bill)

Maybe we were wrong when we intervened in the original bill and started a riot. Maybe the right move was to allow the bill to pass with all the biometric identification, with the central apparatus, with shaming lists, that way the supreme court would have seen it as obvious and we wouldn’t have to explain to him how bad this bill is. Now, with the new version of the bill and all the spins around it, it’s a hard job to explain the unconstitutionality of this bill, but it remains unconstitutional.

Hon. Judge Hanan Ephrati in C 1152/08 State v. Haim Nissim raised a few legal issues which weren’t even mentioned in the 3 page decision, not even in the brief opinion [Hebrew] by Adv. Aviv Eylon which was published on Ynet earlier this week.

Haim Nissim was just one more of the victims suspects of Dov Gilhar‘s remake of “To Catch a Predator”, who were arrested, humiliated and afterwards charged by humorous crimes. The “Indecent Act in Public” and “Attempt to sexually harass” were the charges brought against Nissim, who, alledgedly, chatted with Sivanush while masturbating in front of a webcam. The Israeli police thought that they can charge Nissim with at least attempted rape or indecent acts in a minor, however, these were replaced with the minor crime of “Indecent act in Public”.

Nissim asked the court to strike the “indecent act in public” charge, as the act was not done in a public place, but in a chat room (and if this reminds you reminds you the court decision regarding selling Hametz in passover, C 4726/07 State v. Terminal 21, then it’s not a coincedence).

In C 1454/92 State v. Joseph Virtgeim the defendant was acquitted from the same charges as not all of the crime’s elements were me. Virtgeim masturbated in from of his apartment’s window while his neighbor watched from the next building. While the court asserted that this was not made in public, it stated:

For this matter, it is certain that the defendant executed the indecent act in the confinement of his apartment, and his private apartment is certainly not a public place. In this case the prosecution hasn’t proven otherwise. If, however, you’d state that the second alternative of “public” would come into force, then it is required that a “person positioned in a public place would see the act”. In this case, it is quite obvious that the plaintiff standing in her apartment – is not in a public place, anyways the prosecution hasn’t proven otherwise. Even if you’d say that there is no need that the plaintiff would actually be situated in a public place and it is sufficient that a person in a public place may see the act, the prosecution has still not proven that this is actually the case.

In plain English: As long as the spectator is in his own home, and not in a public place, then the indecent act is not in public.This perquisite came following Hon. Judge Bechor’s ruling in CA 383/80 Simon Palker v. State where the three elements of Indecent acts in Public were asserted (See also: C (TA) 9163/98 State v. Nemirovsky): (1) The act is committed in a public place OR (2) in a public assembly or rally OR (3) in a place where a person in a public place may see it.

It’s quite obvious that a person in a public place could have browsed Nissim’s chat room (assuming it’s not a private chat, which is not stated in the decision) or from any Internet Cafe, but in order to establish all the elements there are a few more requirements. If we’ll return to Virtgeim, where the defendant’s window was visible from outside, the prosecution still needed to prove that it actually was.

In a sidenote, we need to consider the meaning of a “public place” on the net when our public spaces are being taken from us every day. I mean, if a couple would have had sex in the middle of the desert, which is government property and a public place, no one would have charged them for this crime; even in the public sphere there are discrete places like forests, caves, lakes and isoteric places where a person could expect privacy.

And, Like the real world, there are places on the net which are not “Public”, the fact that a chat room is open to all doesn’t actually mean that they’ll get there and doesn’t mean that the public would watch the chat room. Relative Intimacy is actually the case here, from the  numerous chat rooms and the relative anonymity.

[Also in Hebrew]