TL;DR: Israel's State Comptroller published a 276-page report on January 20, 2026, confirming what investigators suspected for years: Israeli police ran illegal surveillance operations using Pegasus spyware and other hacking tools without authorization. Police deployed Pegasus "hundreds of times without legal review." Of roughly 14,000 surveillance requests examined, 40% resulted in illegally collected data. Targets included minors, crime victims, journalists, and public officials. The comptroller called it "prohibited, serious, and offensive." Police rejected the findings.
What the Comptroller Found
State Comptroller Matanyahu Englman didn't mince words. His 276-page audit of Israel Police surveillance operations from 2015 to 2021 describes "fundamental and systemic failures" across law enforcement.
The numbers tell the story:
- ~14,000 surveillance requests examined
- ~11,000 actually implemented
- 35 of 35 sensitive wiretap requests lacked required State Attorney approval
- 37% of requests involving protected individuals approved without proper authorization
- 89% of computer surveillance used "exceptional" judicial orders instead of standard warrants
- 40% of targets had information collected that police knew was prohibited
The comptroller examined 15 surveillance tools: nine for hacking and eavesdropping, six for auxiliary data collection. These tools could access WhatsApp messages, photos, and remotely activate phone microphones and cameras.
Pegasus: Hundreds of Unauthorized Deployments
The report confirms what Calcalist first exposed in 2022: Israel Police used NSO Group's Pegasus spyware against its own citizens.
Pegasus is the most invasive spyware ever documented. Once on a phone, it accesses everything: messages, emails, photos, location, microphone, camera. The target never knows.
According to the comptroller, police deployed Pegasus "hundreds of times without legal review and approval." Officers bypassed existing safeguards and operated tools manually, without oversight.
The comptroller described these actions as "prohibited, serious, and offensive."
Who Got Hacked
The surveillance wasn't limited to suspected criminals. Police targeted:
- Minors: Children, with no parental notification
- Crime victims: People who came to police for help
- Public officials: Politicians and government employees
- Protected professionals: Journalists, lawyers, doctors
- Non-suspects: People not accused of any crime
The report documented 23 cases of unlawful historical data collection and 14 cases where illegally obtained material was actively used, including 10 intelligence operations that relied on tainted information.
In one instance, prosecutors had to withdraw evidence after discovering it came from illegal surveillance.
The Scale
Police surveillance collected massive amounts of data:
7.5 Million Outputs
From a single surveillance tool alone
50 Terabytes
Total stored surveillance data
~9,500 Targets
Between 2019 and 2021
4 Companies
Providing surveillance technology
This wasn't a rogue unit. This was institutional practice.
Where Oversight Failed
The comptroller didn't just blame police. The Attorney General's Office shares responsibility.
Legal advisers approved surveillance tools they didn't understand. The AG's office failed to "proactively request information" about what these tools could actually do. They gave legal permission without knowing what they were permitting.
The report identifies "a growing erosion of restraint in the exercise of power in the field of wiretapping" stemming from poor communication between the Justice Ministry and police.
Four surveillance tools were introduced based solely on internal police legal advice, no external review. Three tools were used without any police legal adviser authorization. Two exceeded their approved legal authority after internal approval.
Police Response: Rejection
Israel Police rejected the comptroller's conclusions. They characterized the examined incidents as "lawful" and claimed most issues were already addressed through the 2023 Merari Committee report.
The Public Defender's Office took the opposite view, calling the findings "troubling and deeply concerning" and noting systematic failures in oversight, supervision, and statutory regulation.
Justice Minister Yariv Levin and National Security Minister Itamar Ben-Gvir were urged to ensure recommendations are enforced. As of December 2025, the comptroller found corrective action remained incomplete.
The Pattern
This isn't Israel's first surveillance scandal. In 2022, Calcalist revealed police used Pegasus against activists, journalists, and political figures, including people close to then-Prime Minister Benjamin Netanyahu's corruption trial.
The government initially denied everything. Then they appointed a committee. The committee confirmed abuses. Four years later, the comptroller's 276-page report shows little changed.
Meanwhile, NSO Group (the company that built Pegasus) faces lawsuits from Apple, Meta, and governments worldwide. The spyware has been linked to surveillance of journalists, dissidents, and human rights workers across multiple countries.
Why This Matters Beyond Israel
Israel is a surveillance technology exporter. NSO Group, Candiru, and other Israeli firms sell spyware to governments worldwide, including authoritarian regimes with poor human rights records.
If Israeli police can't resist abusing these tools on their own citizens, with their own legal system, what happens when the buyers are Saudi Arabia, the UAE, or Mexico?
The comptroller's report is a case study in what happens when surveillance technology outpaces legal frameworks. The tools existed. The safeguards didn't. Police used them anyway.
What Happens Next
The comptroller recommended legislation to regulate spyware use. Israel's Attorney General has acknowledged existing laws are "decades old and unsuited to current technological realities."
But legislation takes years. Political will is uncertain. And the surveillance apparatus remains in place.
The report documents what happened between 2015 and 2021. Nobody's examined 2022 to present. Four more years of surveillance capability, with the same institutional weaknesses.
References
- Jerusalem Post - Israel Police carried out illegal surveillance for years, probe finds (January 20, 2026)
- Haaretz - Israel Police Used Unapproved Spyware for Years (January 20, 2026)
- Calcalist - Comptroller confirms police use of spyware without approval (January 2026)
- Ynet - Police used nearly 13,000 wiretaps without clear legal basis (January 2026)
Published: January 25, 2026