In recent years, several cases have made headlines in which the police used spyware, including the “Pegasus affair” revealed in 2022 by Calcalist, which described the use of such software without judicial authorization. In a State Comptroller’s report published Tuesday, fundamental and significant deficiencies were found in the use of technological tools for law‑enforcement purposes.
State Comptroller Matanyahu Englman said that “the audit revealed the carrying out of prohibited actions by the police in the field of wiretapping and the use of technological tools.” However, the report, which covers the years 2011–2021, does not specify which cases are involved and does not name those responsible.
3 View gallery
State Comptroller Matanyahu Englman found fundamental, significant deficiencies in use of technological tools for law‑enforcement purposes
(Photo: Alex Kolomoisky, Israel Police spokesperson)
Over recent years, the police have acquired and developed advanced technological tools enabling wiretapping and the collection of communications data, such as phone location information. These tools have innovative capabilities that allow the collection of vast amounts of information. Their growing use poses a complex and sensitive challenge in balancing public security needs with the obligation to protect privacy rights.
According to data published by the comptroller, between 2019 and 2021 the police requested nearly 14,000 wiretap warrants. Courts approved 12,937 of them (more than 90%). During those years, more than 1,000 requests were approved for wiretapping computer communications, and more than 1,000 installations of technological tools were authorized on monitored devices.
The report details a series of failures in legislative and legal regulation, including the approval of tools and wiretapping actions without proper legal opinions, tools later found to exceed police authority, approvals granted without informing the Attorney General’s Office, and prolonged use of tools later deemed unlawful under the Wiretapping Law. In some cases, decisions were delayed for years, and no principled discussion was held within the Attorney General’s Office regarding the integration of such tools into police work.
The comptroller noted that the lack of legislative regulation led to two outcomes: the use of tools that severely infringe on privacy without proper statutory authority, and a reduced ability for police to fully utilize these tools in combating crime. He concluded that there is a systemic and fundamental flaw in the processes of reviewing and approving powerful technological tools with extensive potential to harm individual rights.
What does it matter—witness or victim
The second chapter of the report deals with the execution of wiretaps themselves. The Wiretapping Law requires three elements in each request: the grounds for interception, the interception target and the relevant offenses. A review of nearly 14,000 police requests from 2019–2021 found that requests were often not properly completed.
In most cases, the police cited more than one interception ground, and in nearly half of the requests, all three possible grounds were listed together. Only 11% of requests cited a single, focused ground. The comptroller said this practice makes it difficult for approving authorities to assess necessity and proportionality.
3 View gallery
The cyber division is not strict about operations. Illustration
(Photo: Israel Police spokesperson)
Deficiencies were also found in listing the relevant offenses. Failure to specify a concrete offense impairs the decision‑maker’s ability to evaluate whether the severity of the offense justifies infringing on privacy.
Wiretaps are conducted not only on suspects but also on individuals defined as “monitored persons,” such as indirect partners, witnesses or victims. The report found that the police often listed suspects at the top of request forms even when they were not intended targets, while non‑suspect monitored persons appeared only in the request’s reasoning. This practice prevents courts from seeing all interception targets in one place and assessing the necessity of monitoring each.
The comptroller noted that this pattern is especially harmful to indirect partners, crime victims, and minors, because the police are not required to explain why monitoring them is necessary, whether it justifies heightened privacy infringement, or why alternative investigative methods were not used.
How long is it permissible to listen in?
The report also examined interceptions involving individuals with professional privilege or political status. For about 13 years, the Justice Ministry and police required prior approval for such interceptions, limiting them to exceptional cases involving serious offenses. In 2018, however, the prosecution changed this arrangement, allowing retroactive approval if a monitored person was likely to communicate with someone holding privilege, effectively removing broad legal protections.
The comptroller identified several cases in which requests for retroactive approval were granted even though they would not have met the legal criteria under the previous framework.
The audit also found missing approvals in many cases, and noted that a police method for calculating interception duration allowed prolonged wiretapping—sometimes exceeding a year—without the required senior authorization.
Regarding emergency approvals, although the law allows for a 48‑hour administrative permit signed by the police commissioner, the audit found that this mechanism was not used. Instead, the police relied on an alternative procedure known as “Exceptional Order B,” which the comptroller said had become routine rather than exceptional.
An inflation of communications data
Despite the clear need for legal regulation of collected wiretap data, the Attorney General’s Office and the police only partially regulated the collection of three types of intercepted data between 2014 and 2024. In most of the cases reviewed, the police carried out at least one prohibited action involving the extracted data, such as exporting, reviewing, producing or using it unlawfully.
The comptroller warned that such practices severely harm privacy rights and undermine public trust in the police. He also noted a 40% increase in the number of judicial orders and administrative permits for communications data between 2017 and 2021, with a significant portion granted administratively. In nearly all sampled cases, serious documentation failures were found.
Growing erosion of the restraint of power
In concluding the report, the comptroller wrote that the review revealed significant and fundamental operational gaps in police wiretapping procedures, leading to serious violations in requests, tool installations, data collection and use. At the root of the problem lies a deep regulatory failure.
Englman emphasized that prohibited actions must be treated seriously in all cases, not only when they affect a specific criminal proceeding. Over the years, there has been a growing erosion of the principle of restraint in wiretapping, undermining the presumption of proper administrative conduct. Without clear statutory authority, there is no agreed‑upon normative framework.
He called on the ministers of justice and national security, the Attorney General, the state attorney, the police commissioner, and the head of investigations and intelligence to ensure that the deficiencies are corrected.
Responses
Legal officials said the comptroller’s report included a recommendation to regulate the use of spyware through legal interpretation or legislation. The Attorney General’s Office has long held that legislation is necessary, as existing laws are decades old and unsuited to current technological realities. A government bill was drafted but stalled due to disagreements with ministers, particularly over allowing spyware use in corruption investigations.
A private bill proposed by Knesset lawmaker Tzvika Fogel to regulate spyware for wiretapping passed a ministerial committee more than a year ago but has not advanced in the Knesset. The Attorney General’s Office reiterated that legislation is the preferred solution and could be adopted relatively quickly.
The Israel Police responded: “Israel Police is a law‑enforcement body, and all events examined in the audit were carried out lawfully, under judicial warrants and legal interpretation. The report largely addresses past events from 2016–2021 that were thoroughly examined by the Marari Committee. All lessons from the Marari report published in August 2023 were implemented that same year, as the comptroller himself notes. Oversight and control mechanisms have since been improved.
“As for the comptroller’s remarks regarding the need to return technological tools removed from the police in 2022 and the lack of adapted legislation, we emphasize that this situation harms society as a whole and must change. The absence of technological tools and suitable legislation hampers the fight against serious crime.
“The audit presents a very partial picture and does not reflect the police’s life‑saving work or the extraordinary challenges it faces with limited resources and outdated legislation. Israel Police will continue to promote relevant legislation, seek the return of technological tools, and cooperate transparently with oversight bodies.”
First published: 17:34, 01.20.26