Former IDF cyber chief warns of red-lines being crossed and the erosion of Israel’s democracy
Avenr Paz Tzuk talks to Calcalist about the ethics of surveillance, his faith in education and his fear of a military brain drain
As the Israeli government continues to employ the Internal Security Agency (better known as the Shin Bet) to track the cellular signals of residents in order to monitor potential interactions between Covid-19 patients and the public, Brig. Gen. (Ret.) Avner Paz Tzuk explains how democracies are whittled away using the salami method.
“A dangerous line has been crossed. As someone who knows about Israel’s cyber capabilities from the inside, I am disturbed by the fact that the government is operating its national security tools to track its own citizens. The justification is extremely borderline and it is a slippery slope. It’s a line that is most difficult to cross the first time. Next time it will be crossed for less justifiable purposes and once we’ve crossed it, it can always be pushed further back,” Paz Tzuk said in an interview with Calcalist.
What is the significance of the line being crossed?
“It means that the wall that was vigilantly protected has been cracked and now, if they chose, they will be able to read your emails and your WhatsApp messages, monitor what you do with your phone and where you are at any given moment. This should worry everybody because today the government orders the gathering of location data for health reasons, but tomorrow it can be another type of information for a completely different reason.”
Why did the Shin Bet agree to it?
“I feel for the Shin Bet. They don’t want it, but the government’s instruction was to invade the citizens’ privacy. If I were at a security agency nowadays I would feel very uncomfortable, and I believe that’s how they feel too. But they are following orders. At least we aren’t in the realm of illegal orders, those that should not be followed.”
What would constitute an illegal order?
“If the regime employs tools designed to protect the citizens in order to protect itself.”
Do you believe that could happen?
“I fear the day will come when that line is crossed too, but many people won’t even realize it.”
Very few people are as familiar with Israel’s cyber capabilities as Paz Tzuk is. After all he is the man who founded the military’s cyber department and a recipient of the Israel Defense Prize in 2020. It is based on that familiarity that he now openly doubts the official reasons offered to justify the employment of the Shin Bet’s surveillance capabilities to track citizens’ phones.
“With the panic that’s been sowed here in recent months, it's easy to form a consensus around the notion that the Shin Bet surveillance will save us, but I have yet to see them successfully break off contagion chains,” Paz Tzuk said. “What did happen was that the wall that was so well protected, has been cracked, and I deeply fear the salami method. It is wrong to take tools developed for fighting your enemies and use them to solve civilian challenges.”
What should they have done?
“Built different tools, those designed for the civilian world.”
You warn of the possibility that citizens won’t even realize that the forbidden line has been crossed. That means that protecting the boundaries of democracy rests in the hands of soldiers or Shin Bet agents. Will they recognize where the border lies?
“To begin with it is definitely not a task that should be placed on the army. The IDF shouldn’t touch Israeli citizens, that’s what the police and Shin Bet are for.”
And will they know not to cross the line?
“Based on my familiarity with the Shin Bet— and I worked with them a lot— I believe that they were disturbed by the matter and took preventative measures, like talking about ethics and the boundaries of democracy. Monitoring of citizens needs to be backed up by very clear procedures and accompanied by good explanations regarding ethics and morals, on what is and isn’t permitted. This is true for anyone who uses force, but is even more so when dealing with innocent civilians who carry no risk to national security and only ‘crime’ is that they were unfortunate to be in proximity with a Covid-19 carrier.”
Ethics and explanations are well and good, but this is an entirely new situation for a soldier or agent to be in, monitoring the network and suddenly being able to see where his girlfriend or neighbor are.
“Even in routine intelligence gathering operations in Arab countries, you occasionally reach what’s known as ‘yellow data.’ Anyone who has any interaction with the surveillance must learn the rules and make sure to save the information only for the purpose it was gathered. It is vital to erect very high walls here.”
So, let's discuss the ethics of Israel’s cyber warriors. Judging by what some of them do after their discharge, it is right to be suspicious of their ethical norms. Many surveillance measures that were developed in the military have found their way into the hands of private companies that aren’t as committed to ethical guidelines.
“There is a dilemma when it comes to the army’s technological units regarding what knowledge is permissible for its personnel to use after their discharge. If you know how to hack into an adversary’s network, you have to be prevented from doing it as a civilian. It’s an ethical question that the army wrestles with, trying to keep the knowledge within the IDF.”
On the other hand, you can’t expect someone to forget their training. Where does the line run?
“The line is very clear: you are forbidden to export even a single line of code that you developed. Before you leave the base you have to empty your pockets and remove everything.”
But sometimes the code you developed is worth lots of money.
“It’s a matter of values. You must understand that if you learned how to take advantage of others’ weaknesses and extract their information, you are forbidden from using those capabilities when not in the service of the state. It’s the same as a person who learns how to shoot and kill in the service of the state is forbidden from doing so after they leave.”
It is very difficult to enforce.
“That’s right and I have had discussions on the matter with the commanders of the intelligence units. I think the right way to enforce it is through education, not legislation. Ethics and morals are above the law.”
And then graduates of these units turn around and found NSO, which at once both damages the reputation of Israel’s cyber community and at the same time creates huge demand for its tools.
“I really dislike it, it pains me personally. People should be educated not to develop offensive tools like NSO’s, but we live in a democratic society. Whether the government needs to fight it is a philosophical question. In my book it is equal to training a military force run by an African tyrant. It is unethical, but cannot be prevented.”
Paz Tzuck’s military career was very diverse and equally unique. He was born on Kibbutz Ein Hashlosha, near the Gaza Strip and served as a combat soldier in the elite Sayeret Matkal unit. After completing his mandatory service, he went on to study agricultural engineering at the Technion Israel Institute of Technology (he later got another degree in business management). During the 1991 Gulf War, aged 28, he was called up for reserve service in Unit 81, the special ops command’s technological unit. The goal was to link field operatives to developers. “We planned all sorts of operations that never materialized,” he said vaguely. After the war, the unit commander convinced him to stay on. He could have remained on as a civilian contractor, as is customary in the unit, but decided to take the military route. And so, aged nearly 30, a husband and a father, he found himself at the IDF’s officer’s academy. “The difficulty wasn’t physical, it was mental, when my commander was 21 years old,” he recalled. “At 30, I was a lieutenant when everyone else my age were majors.”
After that, things moved more quickly and in 2007, after 14 years of serving in the unit, Paz Tzuk was given the command of Unit 81. Three years later he was tasked by then Chief of Staff Gabi Ashkenazi to transfer to the 8200 unit (known as the Israeli NSA) in order to oversee the establishment of the IDF’s Cyber Command, alongside Nadav Zafrir, then the commander of the intelligence unit and today the managing partner of the Team8 venture capital firm.
Paz Tzuk’s activities during his time at both units are highly classified, aside from the fact that they led to him being awarded the Israel Defense Prize. Another thing that can be told is that he fundamentally changed the recruitment process for cyber-related positions. During his time at the helm, cyber classes were opened in nearly every high school in Israel and he is one of the people responsible for the unprecedented demand of young people to serve in cyber units and thus pave the way to their future careers.
Hackers have become cultural heroes. Even the James Bondian heroine of the hit TV show Teheran is a graduate of Unit 8200.
“When I was the commander of Unit 81, we led a project to recruit teenagers from the periphery to be military engineers,” he said. “It was born out of the arny’s egotistical needs to enlist more people into such roles, but also from seeing that few children from the periphery were in such roles. Through various preparatory programs, we reached a situation whereby 40% of the engineers in the IDF hail from Israel’s periphery. The army was able to double its recruitment pool and suddenly for a kid in the south, serving in 8200 is no longer a distant dream.”
About 500 children take part in each cohort of the IDF's engineer training program, Paz Tzuk said. Upon completion of the program they pass a uniform test. Only half of them pass the threshold required for service in the cyber units of the various security agencies. The units, for their part, fight amongst themselves for the best candidates who appear on a secret list called “the Top 50.” “In 2014, four years after the programs began operating we were glad to see that 10 out of the top 50 candidates came from the periphery,” said Paz Tzuk.
Paz Tzuk took his commitment to educational impact on to his final military role. “I wanted to leave the technological bubble, influence the entire military and place an emphasis on values,” he said. “Had I gone into civilian life straight out of Unit 8200, I would have started a venture of my own, but just before I completed my role there, I was reminded that I had expressed an interest in becoming the IDF’s chief education officer.”
It took a couple of failed attempts, in which he was beaten to the job, but eventually then Chief of Staff Benny Gantz appointed him to the role. “Gantz is an honest man. He can be trusted and believed and he holds education close to his heart,” said Paz Tzuk. “But it was with Gadi Eisenkot (Gantz’s replacement for the IDF’s top job) thet we carried out moves that had a real impact on the IDF. They dealt less with maintaining the status quo and that’s why I stayed in the role an extra year to see them out with him. He was willing to pay a higher price than Gantz was in order to uphold the army’s spine. Gantz was more cautious.”
You are referring mostly to the role of religious education in the army.
“It was important for Eisenkot to keep military education separate from matters of religion. A religious authority shouldn’t be educating secular soldiers. But back then it was known that external groups were offering the army to hold religious educational activities for free, while the army’s own activities cost money, which led everyone to opt for the religious activities. It was the way in which certain elements were able to infuse religious dogma into the military, something I believe is simply wrong to do.”
Paz Tzuk penned a new concept called “ethical fitness,” and worked hard to implement it deep into the IDF’s educational practices.
“In the same way a soldier needs to shoot a rifle accurately and be physically fit, they need to be fit to cope with challenging circumstances like manning a checkpoint, making a midnight arrest or Jews attacking IDF troops,” he explained.
Paz Tzuk retired from the army three years ago and is still getting accustomed to civilian life. He was immediately recruited by Bank Hapoalim CEO Arik Pinto to take on a management role tailored specifically to him— head of the modernisation division. “Pinto brought me on to link the technological side of the operation to the business side,” he explained.
And less than two years later, when Dov Kotler replaced Pinto, you left.
“I made a deal with myself at the start that if within two years I didn’t feel like it’s what I really want, I’d leave.”
The power struggles and internal politics of the bank are in a different league than they are in the army. There are constant battles over authority.
“There were a lot of questions over who held authority. I learned how to operate in a place with lots of interests and lots of power at play. The banking world is one that’s tough to manage in, its processes are very lengthy. At a startup I just notify the CEO on the go and get to work, at the bank it’s all about committees, partnerships and convincing other people.”
In February, right before the Covid-19 outbreak, Paz Tzuk made another move that is unusual for former generals, particularly in the technology industry. Insead of founding his own startup, or at least running an existing one, he landed in the No. 2 spot at SQream, which develops tools for big-data analysis. The company was founded by Ami Gal and Razi Shoshani in 2010 and its well known investors include Alibaba, Blumberg Capital and Mangrove Capital. SQream has raised $77 million to date, with a $39 million round completed in June, amid the crisis. It employs 80 people and aims to raise an additional $20 million by the end of the year.
As someone who was the head of the IDF cyber division, didn’t you receive more attractive offers?
“I was aiming high, but then I met a friend who told me ‘I know you, we launched startups together within the military, but you are still lacking something: you don’t know this world from the inside, how to recruit people, how to raise capital, how to manage processes.’”
I’ve had a chance to speak to several of your colleagues from the IDF and I doubt that would have convinced them.
“I know, many of them wouldn’t have taken the role for reasons of pride and prestige. For them appearances trump substance. I have no problem working alongside a CEO because I know how to manage my ego.”
Graduates of the IDF cyber units receive dream offers from the private sector and 20-year-olds can leave the army with generous contracts that were promised to them during their service.
“If I hear of that happening at SQream i will put an end to it immediately. Headhunting within the military is a red line.”
Why? It’s a free market after all and there is competition over the best minds.
“Approaching a soldier or officer while they’re still in service is unacceptable, it harms national security. I encountered it a decade ago, when reserve duty soldiers tried to recruit soldiers still on active duty. Companies who do that should be publicly shamed. If the army doesn’t have enough people because everyone left for the private sector, the IDF’s technological capabilities will be harmed and that has an impact on our safety as a country.”
You are one of the people who made the IDF’s cyber capabilities so desirable. These days young people realize that they can ensure their future from behind the keyboards rather than on the front lines of the elite combat units.
“These ‘computer kids’ bring a lot of value to the army. yes, it is also a jumping board for later careers, but that on its own is not a problem. It just poses the army the challenge of ensuring there are enough people who still want to be combat soldiers. It’s a social trend that can be seen statistically and should be kept an eye on. It’s a tough question for the IDF and for Israel, because there is no world that is all good and doesn’t include any blood, especially not in our reality. At the end of the day, you need people to hold the rifle.”