Likud Fends Off Privacy Infringement Accusations
Israel’s ruling Likud party has requested the country’s Supreme Court dismiss a petition against its use of campaign management app Elector, submitted after several security vulnerabilities in the app were detected
The petition was submitted to the court last week by two lawyers, Shachar Ben Meir and Itzhak Aviram. It came days after Calcalist reported, on three separate vulnerabilities in Elector’s app, which caused Israel’s entire voter registry to leak. The first vulnerability was reported on February 10, and on Sunday Calcalist reported yet another security breach, this time on Likud’s own website, resulting in a third leak of the voter registry within just two weeks.
A similar petition submitted by the two lawyers to Israel’s Central Elections Committee was rejected last week.
In its answer to the court, Likud asked that the petition be dismissed, stating its continued use of the app has been approved by Israel’s Privacy Protection Authority (PPA) and that the vulnerabilities have all been detected and corrected.
In its answer, Elector said it has undergone a meticulous examination procedure in the past two weeks, following a security breach detected on February 8. This vulnerability, however, had already been reported to the Israel National Cyber Directorate the day before. Elector also claimed there was no proof that the second leak reported by Calcalist occurred.
In a joint answer to the court, the Attorney General, the PPA, and Neal Hendel, the head of the Israeli elections committee, wrote that the probe into Elector has yet to be completed. “As far as the PPA and the cyber experts from the Israel National Cyber Directorate that are assisting it in its probe know, Elector’s security measures have been upgraded and further tests have found no additional major defects or other indications that the system should be shut down,” the answer read.
The respondents also said that the PPA does have concerns about the use of the app, regardless of said breaches, which may constitute a possible infringement of privacy protection laws, but which will be examined at a later date.