Why we should be worried about Twitter adopting products of Israel’s surveillance state

Israel is a global leader in the field of surveillance technology and cyber-security products. While it has companies engaged in defence cyber technology, it is most known—and notorious—for its offensive technology and spyware offered by companies like NSO Group, Candiru, Circles, Paragon, Intellexa, Citrox and Cellebrite. Their products exploit weaknesses in security protocols of electronic devices to intercept voice, video, texts and emails. Intelligence agencies and law enforcement in both repressive regimes and democracies use them to track political dissidents, human rights activists, journalists, lawyers, and teachers.

In a number of cases, devices of political dissidents were hacked. Others were arrested and  imprisoned based on evidence secured through these means. The spyware enabled a Saudi hit squad to track the location of Saudi journalist, Jamal Khashoggi, who murdered him when he arrived at the Saudi consulate in Istanbul.

Israeli ‘anti-terror’ technology

A different niche in this market is digital identity technology. It permits companies like financial services (including banks), airports subject to high volume of fraud to authenticate customer identities. Among these companies is AU10TIX with annual net profits of $40-million. It describes itself as "the long-standing industry leader in automated identity verification and management solutions for the digitally dependent global enterprises of today." Its main goal is to detect and prevent fraud. Among its other clients are PayPal, Google,  Airbnb, LinkedIn, Payoneer, Uber and Santander.

''Israeli companies like AU10TIX claim they adhere to the highest ethical standards and protect the privacy rights of those whose data it accesses. But when clients use these tools, even for what they determine is a legitimate purpose, they are buying into the technology and ideology which created them.''

To do this, AU10TIX must compile a huge database of the personal information of millions or even tens of millions of people. Its algorithms would be programmed to identify patterns characteristic of fraud. They may even tag those who haven't engaged in any such behaviour, but who might in the future. The point is, no one except AU10TIX and its clients know what the algorithm is and how it makes such determinations. You will likely not find out if you are targeted. Even if you did know, you would have little recourse unless you could prove you suffered personal damages.

Initially, the company provided cyber-security services to airports throughout the world. Its technology was part of the mystique of Israel's supposedly unrivalled anti-terror expertise honed through its vigilance against Palestinian attacks. The selling-point was that in identifying and preventing terrorism at Israeli airports, the model could be replicated at airports world-wide. Anti-terror technology became the ‘next big thing’ and Israeli companies reaped the financial rewards.

In order for the digitalID to be effective, it cast a net capturing massive amounts of data. It could be amassed from scores of sources, some public and some accessible through non-public means. In addition to AU10TIX's own database it could buy or gain access to private information compiled by other companies, governments, law enforcement, the courts, intelligence agencies, etc.

The lack of transparency in compiling these databases is troubling, not to mention the invasion of personal privacy that is entailed.

From targeting Palestinians to Twitter

AU10TX uses the type of facial recognition technology developed by the IDF's SIGNT Unit 8200. The latter devises some of the most advanced surveillance technology in the world. It is used to spy on the Palestinian population and identify those who may be blackmailed into serving as informants for the Israeli Shin Bet. Such individuals have, among other things, been tasked with providing crucial intelligence betraying Palestinian resistance leaders targeted for assassination. Such technology causes fear and mistrust amongst Palestinians, turning them against each other and destroying the cohesion of their society.

Reports in technology media now say that X – formerly known as Twitter – is considering requiring registration of a digital ID for its premium users. To enrol one would have to provide a government-issued ID and a selfie. For AU10TIX it would be one more added datapoint to populate its databases. For the company formerly known as Twitter, it would exploit this data to target these high-end users. The only ones who might benefit would be those concerned about protecting their online identity from fraudsters.

#X may be about to release the ID verification!! It seems it'll be necessary to enable the Blue features!

You'll also be able to hide your ID verification badge. pic.twitter.com/hMIrcQh0jZ

— Nima Owji (@nima_owji) August 3, 2023

AUTO10TIX and the spyware companies listed above are products of the Israeli surveillance state. Many of them not only target and assault Palestinians, their products are exported to repressive and genocidal states. Israeli companies like AU10TIX claim they adhere to the highest ethical standards and protect the privacy rights of those whose data it accesses. But when clients use these tools, even for what they determine is a legitimate purpose, they are buying into the technology and ideology which created them.

The facial recognition technology used by AU10TIX to authenticate users is of the same type used by the IDF and Shin Bet to compile images of every Palestinian who enters Israel from the West Bank. In addition, the West Bank is one of the most surveilled places on earth, with CCTV cameras mounted on almost every block of every Palestinian village. This video footage records virtually every Palestinian in the area and is part of a vast database which is mined to identify anyone who could be recruited as a spy; anyone who might be a suspect in an attack on Israelis; or anyone who has never committed or considered committing a violent attack, but who might do so in the future. 

The Blue Wolf app tasks IDF soldiers with taking pictures of Palestinians anywhere they find them for uploading to a database accessed by the Shin Bet and military intelligence. Rewards are even offered to those who take the most photographs.

The process by which the algorithms determine who is considered a suspect is entirely opaque. For that and other reasons, the system is prone to errors. An entirely innocent person could become a suspect and be hounded, arrested or imprisoned for reasons the Shin Bet will never have to make public, not even in a court proceeding.

AU10TIX CEO Dan Yerushalmi unintentionally highlighted precisely this issue: "In a world where 'automation' is actually enhanced by human 'experts' most of the time, AU10TIX stands out with its level of full-process automation." In other words, its product eliminates the need for a human to determine who is legitimate and who is not. For a company like Twitter and a cheapskate like Elon Musk, the prospect of automating the detection of fraudsters may be a godsend. But to the legitimate users themselves, it could be a nightmare.

AU10TIX boasts that it ‘has become the preferred partner of major global brands for…customer verification automation – and continues to work on the edge of what's next for identity's role in society.’

Again, this may be music in the ears of companies which experience high amounts of theft or fraud, but the idea that it is "working on the edge" of authenticating personal identities is chilling. The company it claims it can detect a fraudulent individual or transaction in as little as three seconds.

What is its error rate? How many individuals does it incorrectly flag?  How does it mitigate such errors?  What damage, if any, is done to the reputation or consumer record of someone falsely flagged?

Social media platforms like X consider their customer databases to be their crown jewels. Though they may guard them like Fort Knox, they exploit them to maximum effect as a revenue stream. It allows advertisers to target the particular customer demographic they seek. Once you give Elon Musk your government-issued ID and photograph you have no idea what he's going to do with it. You will have lost your autonomy in determining how these images will be used. You have become a datapoint instead of a human being.

Anyone purchasing X's Blue checkmark and its digitalID should be aware their personal data belongs to Elon Musk.

Richard Silverstein writes the Tikun Olam blog and is a freelance journalist specialising in exposing secrets of the Israeli national security state. He campaigns against opacity and the negative impact of Israeli military censorship.

Follow him on Twitter: @richards1052

Have questions or comments? Email us at: editorial-english@newarab.com

Opinions expressed in this article remain those of the author and do not necessarily represent those of The New Arab, its editorial board or staff.