On July 21, RATEL, Serbia’s Republican Agency for Telecommunications, posted a Document of Instructions
for Technical Requirements for Subsystems, Devices, Hardware and
Installation of Internet Networks on their official web site. This news
didn’t go unnoticed yesterday in Serbian blogosphere and internet
community, as many bloggers expressed various opinions as well as
disapproval because of the potential abuse of users’ privacy.
This document of instructions defines technical requirements for
authorized monitoring of some specific telecommunications and provides
a list of duties for telecommunication operators, which are obligated
to act according to the Constitution Law of Republic of Serbia as well as elements of it.
According to element 55 (Law of Telecommunications), subpart 3,
these Instructions were issued by RATEL in cooperation with public
telecommunication operators and the governmental body responsible for
immediate conduct of electronic monitoring.
This means implementation of massive tracking and archiving in all
forms of electronic communications for the purposes of the national
agency for the security.
Internet Service Providers (ISP) are obligated to enable
governmental bodies to access updated databases with personal data on
users, contracts, maximum speed of data transfer, identification
addresses as well as access to database about email users. ISPs are
also obligated to provide hardware and software for passive monitoring
in real time, collecting and analysing Internet activities, statistics,
interception of email, attachments, web mail, IP video traffic, phone
traffic, interception of IM traffic, peer-to-peer networks, service of
email and forwarding the email content towards the center of
governmental bodies for supervision. Technical requirements (hardware
and software) should enable reconstruction of traffic interception up
to the level of application and filtering within these criteria:
username, user phone number, email address, IP address, MAC address, IM
identification.
All those technical requirements are active and they will be used if
there is request or need of the governmental bodies or police to
monitor in cases of serious security violation or crime act. This
Instruction does not define the privacy of the data as violation of the
citizens' privacy (in telecommunication terms it is forbidden). The
privacy is protected by the Law of Telecommunication, as well as by the
Serbian Constitution.
Similar cyber laws and technical instructions already exist in other
countries. Formally, at least, it's good to have such regulation on one
side where privacy is protected – formally, but, on the other hand, I
am wondering if the Republican Agency for Telecommunications in Serbia,
national security and ISP will (or will not) violate and abuse privacy
of citizens in the internet community in practice.
***
Here are some of the reactions in the Serbian blogosphere, as well as possible solutions for protecting your privacy on the Web.
Tamburix, in a blog post
titled “Big brother is watching, monitoring and recording you” (SRP),
contemplates the invasion of privacy and compares it to Big Brother:
The latest technical requirements of the Republican
Agency for Telecommunications and installation of the equipment for
internet networks in Serbia, brings elements of Big Brother where the
state has permission to get and use all the information regarding our
online presence.
Milan posts a link to the document, saying (SRP) that there is also some positive aspects in this document:
I don't know what to think about this. It can be a good
thing… great thing, to finally put a law in action on Serbian Internet.
On the other hand, the possibilities of misuse are there. If someone
misuses it, then it's really bad. Censorship, espionage, call it
whatever you want.
Rehash blog writes (SRP):
[…] I read a lot of negative comments on this document,
with which I fully agree. I can't say that I didn't expect this to come
at some point. Regulations in the USA, in some countries of the EU and
the UK are restricting their citizens with similar practices. Will our
protests solve this problem? I'm almost sure they won't. For quite some
time, our citizens have been apathetic, and they'll tolerate whatever
repression methods our pseudo-democratic government is using (in the
first year of my studies, professors told me that democracy doesn't
exist). […] Fine, lots of bloggers, geeks, or users of the Internet
will write and protest for some time. After this, silence will come
again. And what to do then?
Vesic Tehnology blog comments (SRP) on the new instructions:
Balkan Spy*, the RATEL/BIA way
It is almost impossible how some “agencies” (read: BIA and similar)
through their puppet organizations (read: RATEL) try to put in use the
most terrifying “technical” documents, which have only one purpose: to
get complete control over your e-life.Constitution? Law? Justice?
We'll get there probably when we make independent agencies from
“independent” agencies, and when justice system and police start doing
their job, and when politicians […] start thinking of “irrelevant”
things, like the well-being of those who have put them where they are
now.You still think that the most important news is the Karadzic's
arrest? Think again. He's one person, and we're getting here the whole
Balkan spy over all of us.
*Author's note: there is a movie named “Balkan Spy”.
Jazzva, a computer science student, critically comments on this (SRP):
Maybe the instruction defines “random user” in order not
to get in the situation where only data on some users is being kept.
And the Constitution defines the access to that data, so someone can
get them only by the warrant issued by the Court, or in the case of
violated security of Republic of Serbia.
Personalmag blog writes (SRP) about Serbia as a country of Big Brother:
What was probably expected in the totalitarian regimes
is happening to us today, paradoxically in the time of “democratic” and
pro-European government. RATEL, a government body for regulations of
telecommunications, […] by issuing some technical document, innocently
named “Technical requirements for subsystems, devices, hardware and
installation of Internet networks” […] is bringing a totalitarian
monitoring of all electronic communications by “responsible government
body.
Two interesting comments on this post:
It is totally out of mind, and so expected. I knew
something like this would happen, and that it would be put into use, as
you said, on the small door. I'll start to crypt my thoughts, not just
e-mails. This needs a reaction! It is intolerable and violation of
basic human rights.
Another comment:
This is a catastrophe. The commenter who said it's the
same as in Western countries – it is, but only when there is a
court-issued warrant [to monitor]. Over there, the providers would be
the first to react if they had to forward traffic and mails on their
own expenses. And how do they think to get VoIP traffic, which is
crypted, like Skype? Do they [responsible government body] expect from
provider to decrypt it and provide it to them on a silver plate? We
also need to protest to international organizations that protect
freedom of speech and freedom of the Internet.
Sasa Bodiroza, a student of Computer Science at the University of Belgrade, writes on his blog:
Serbia’s Republic Agency for Telecommunications (RATEL), has passed a new law regulation
(text in Serbian) on Internet traffic interception and redirection.
Basically, it allows Serbian government to read each and every bit of
our communication, including HTTP, VoIP, e-mail and IM protocol. It’s
not that I have something to hide; it’s just that it’s a serious
violation of my privacy. And I don’t really like that.Update: I think I overreacted a bit in my comment. This legal act is
not supposed to talk about violation of privacy. Violation of privacy
is forbidden by the Serbian Telecommunication Law, and the Serbian
Constitution. The whole purpose of this legal act, as I see it, is to
amend article 55. of Telecommunication Law.
And he further on suggests how to protect your privacy:
Since we can’t change the law immediately, the least we
can do is to protect our privacy. We can use encryption methods to
encrypt our communication. Here are few advices.
Aleksandar Urosevic finishes his blog post (SRP) in a humorous manner, using irony:
From Urke's cookbook: tomorrow, you too, my dear
readers, will know which toilet paper I prefer, and which finger I use
to pluck my nose. Why should the government be the only privileged to
this crucial information about me, I know that “the people should know”!
***
A question to Global Voices readers: What are the regulations in your country and do you feel like being watched/monitored?
Source: Global Voices Online , used under Creative Commons license
