By: Yuval Shany
Welcome to the seventh newsletter of the HUJI CyberLaw Program.
Given our program’s interest in cyber security and attendant regulatory questions, many of us have read with great interest, and some concern, the new Cyber Security and National Cyber Directorate Bill, published by the Israeli government in late June. The Bill comprises three principal parts. First, it delineates and regulates the structure and legal powers of the National Cyber Directorate and introduces various safeguards to prevent abuses on its part, such as a privacy inspector and oversight committee. Second, it provides the Directorate with operative powers to tackle potential cyber security breaches, including information sharing, issuance of security instructions and protocols to private business, and, if necessary, coercive protection and seizure measures in computerized systems with a court order, or in urgent cases, without it. This is by far the most controversial part of the Bill, which will surely generate much public discussion and will be subject to close scrutiny by academics, civil society, and law makers. While some coercive measures may be inevitable due to the inter-connectedness of computer systems and networks, questions relating to the adequacy of the Bill’s procedural safeguards, privacy guarantees and substantive balancing between competing interests remain. The third part of the Bill deals with regulatory framework in which cyber security standards will be elaborated and enforced. The Bill proposes a division of labor between the National Directorate and other sectoral regulators in fields such as banking, transportation, etc. Here, too, the efficiency and propriety of the regulatory model offered can and should be discussed.
At a more general level, the new Bill underscores the increased involvement of governments in addressing cyber security in the private sphere. The implications of this development are far-reaching, however, and are possibly only beginning to unfold. Such a development may require Israeli society and other societies to engage in painful tradeoffs between security, privacy, economic welfare, and freedom of expression and association. Hopefully, our research program, which is already tackling issues such as digital human rights, online privacy, online surveillance, and the impact of regulating cyber security in private businesses, is well placed to step up to the challenge of studying this new security landscape and can serve as a hub for considering the new Bill and related initiatives.
Thank you for your interest in our work. As always, we look forward to receiving your thoughts and comments about our activities.