Europeans' health data sold to US firm run by ex-Israeli spies

Original Article ↗ Hacker News Discussion ↗

Israeli-Linked Firm and Surveillance Allegations

  • Several commenters assert a recurring pattern of companies run by alumni of an Israeli signals-intelligence unit operating data-heavy or “telemetry/surveillance” businesses, with little visible government pushback.
  • Others reject this as conspiratorial or xenophobic framing, arguing it’s natural that an elite technical unit produces successful cybersecurity entrepreneurs, similar to MIT/Stanford graduates.
  • Some see the article’s emphasis on “ex-Israeli spies” as inflammatory, akin to guilt by association, with accusations of propaganda and generalized suspicion of Israelis.

What Zivver/Kiteworks Actually Does & Security Concerns

  • Critics say the whole model (a web portal that decrypts or scans documents server-side) is structurally incompatible with true end‑to‑end privacy; the operator necessarily sees plaintext at some point.
  • Dutch-language reporting referenced in the thread claims security researchers found cases where data was transmitted in plaintext and not properly end‑to‑end encrypted.
  • Defenders counter that Zivver openly advertises server-side content scanning, so this is not a “backdoor” but the declared design; they see no concrete evidence of a state-intel dragnet behind the acquisition.
  • Some float a honeypot theory (intelligence services buying an already-flawed product to exploit), while others insist this remains speculative and conflates ordinary security bugs with espionage.

Jurisdiction, Extradition, and Trust in US/Israel

  • Multiple comments argue that any US- or Israel-controlled entity handling EU health data is problematic because of those countries’ surveillance laws and political track records.
  • There is debate over how willing the US and Israel are to extradite their nationals, and whether either state can be trusted not to leverage such data for intelligence purposes.

Unit 8200, Mandatory Service, and Ethics

  • Some describe the unit as the “MIT of Israel,” noting conscription funnels technically strong recruits into it, which later fuels the startup ecosystem.
  • Others stress that Unit 8200 is not merely “cybersecurity” but a core signals-intelligence and targeting organization, raising moral questions about veterans building products around highly sensitive foreign data.
  • A side debate unfolds about individual culpability under conscription versus voluntary military service.

European Attitudes to Health Data Privacy

  • Numerous European commenters state they care deeply about medical privacy—often more than about general data—citing fears around discrimination, blackmail, stigma (mental health, HIV, pregnancy), and future political shifts.
  • Some describe opting out of national electronic health records and express anger at being forced to use tools like Zivver without meaningful consent.

GDPR, Enforcement, and US Tech Dependence

  • There is frustration that GDPR is poorly enforced (especially via Ireland), producing cookie banners but limited real restraint on large platforms.
  • Commenters worry that EU governments themselves increasingly mandate or de facto require interaction through US platforms and clouds, undermining “digital sovereignty.”
  • Several argue Europe should insist public systems use EU-controlled, open, and auditable infrastructure, particularly for health data, even if that means funding “EuroTube/EuroMail”-style alternatives.