A Game Changer? The new Israeli Cyber Security Bill
HUJI CyberLaw Newsletter Editorial #7
By: Yuval Shany
Welcome to the seventh newsletter of the HUJI CyberLaw Program.
Given our program’s interest in cyber security and attendant regulatory questions, many of us have read with great interest, and some concern, the new Cyber Security and National Cyber Directorate Bill, published by the Israeli government in late June. The Bill comprises three principal parts. First, it delineates and regulates the structure and legal powers of the National Cyber Directorate and introduces various safeguards to prevent abuses on its part, such as a privacy inspector and oversight committee. Second, it provides the Directorate with operative powers to tackle potential cyber security breaches, including information sharing, issuance of security instructions and protocols to private business, and, if necessary, coercive protection and seizure measures in computerized systems with a court order, or in urgent cases, without it. This is by far the most controversial part of the Bill, which will surely generate much public discussion and will be subject to close scrutiny by academics, civil society, and law makers. While some coercive measures may be inevitable due to the inter-connectedness of computer systems and networks, questions relating to the adequacy of the Bill’s procedural safeguards, privacy guarantees and substantive balancing between competing interests remain. The third part of the Bill deals with regulatory framework in which cyber security standards will be elaborated and enforced. The Bill proposes a division of labor between the National Directorate and other sectoral regulators in fields such as banking, transportation, etc. Here, too, the efficiency and propriety of the regulatory model offered can and should be discussed.