Protecting personal data requires vigilance and education. (source: SME)
THE DEBATE over internet privacy has become ever more heated in the wake of recently published stories about alleged cooperation between the US intelligence service and private companies. The story was broken by British daily The Guardian, which received a leaked document prepared by the US National Security Agency (NSA) that describes the secret PRISM programme, which grants the agency direct access to the internet giants’ servers.
Recent press reports have prompted a discussion over the possible use of private information and state surveillance in Slovakia.
Cases like this have only a minimal impact on the behaviour of ordinary internet users, said Gustáv Budinský, executive manager of the Slovak IT Association.
“I think that after such cases it is the criminals on the internet who become more careful,” Budinský told The Slovak Spectator.
He added that the majority of people, especially those with accounts on social networking websites, already give up their privacy voluntarily.
When asked whether the current valid laws regarding the protection of personal data are effective enough, Budinský said that the question of security and protection of personal information does not depend solely on legislation. Much like how people lock their homes to avoid being robbed, security on the internet is a question of vigilance and education, he added.
“Of course the legislation regarding the protection of personal data should be better, but I do not know about this being the biggest problem,” he added.
Providing data by Slovak companies
Some media reports indicate that it is possible that companies active in Slovakia might also be cooperating with the state. Microsoft, for example, informs its clients about errors in its products even before it issues the official press release and prepares the updates, the Sme daily reported.
“Microsoft has several programmes through which it publishes information related to software security,” Hana Kamenistá, marketing communication and PR manager at Microsoft Slovakia, told Sme.
The company provides the so-called Security Cooperation Program (SCP) for government agencies, through which it informs about planned security updates before their official release, Kamenistá added.
Such information could, in theory, allow government agencies to learn about security holes, through which they could implement malware and wiretapping systems on other web servers, Sme wrote.
Moreover, several Slovak companies, including the provider of the Zoznam.sk website, use Microsoft’s Outlook for sending and receiving email. The inboxes are located on foreign servers, as opposed to Slovak ones, most of which are in Ireland and the US, Microsoft told Sme.
Both Zoznam and Microsoft responded to Sme that they observe the current valid legislation, and that they provide the authorities with data only if they receive a court order.
In addition to Microsoft, other firms, especially those selling anti-virus programmes, provide the state with information regularly. For example, McAfee collects information about computer security and the spread of malware. Slovak company Eset, whose anti-virus programmes are installed on approximately one in two computers, also cooperates with the state.
Yet, representatives of both firms say that they do not provide data on clients to the police, but only help reveal authors of viruses or hackers.
“Cooperation has not been launched at such extent [as] on the US market,” Eset spokesperson Zuzana Hošalová told Sme.
What Slovak laws say
Slovakia has its own law on protecting privacy from unauthorised use of so-called information technical devices (ITP), passed in 2003, which stipulates that such devices can be used only by the police, the Slovak Information Service (SIS) intelligence agency, Military Intelligence (VS), railway police, the Justice and Prison Guard Department and the customs office, only to the event that it is necessary for ensuring national security and defending the state, preventing and investigating crimes and protecting people’s rights and freedoms. Wiretapping can only be done after the police or intelligence services receive approval from the court, which is valid for six months.
While in the case of the SIS it is its director who decides when to use ITPs and to what extent, for the VS it is the defence minister. Both institutions have to ensure that the technology will not be abused.
In addition, the law on electronic communication from 2011 states that the Telecommunication Office might provide the police and intelligence services with transcripts and details about the conversations only with the approval of the court.
Budinský says that with every amendment to the law on electronic communication there is an attempt to broaden the scope of eavesdropping or monitoring of people. It is questionable whether the justifications employed by the police and intelligence services who talk of the need of state security do not come at the expense of people’s rights and freedoms, he added. In this respect, Budinský mentioned the latest amendments to the law, which were contested at the Constitutional Court in October 2012, saying that the extent to which legal monitoring of electronic communication had been proposed was too broad.
“I consider the argument that ‘if you do not act illegally you do not have to fear eavesdropping or monitoring’, which is used sometimes, [to be] extremely dangerous,” he told The Slovak Spectator.
Wiretapping journalists
Slovakia had its own eavesdropping scandal when the Pravda and Nový Čas dailies reported on November 21, 2011, that three reporters from Pravda’s domestic politics department – head Patrícia Poprocká and reporters Peter Kováč and Vanda Vavrová – as well as former head of TV news channel TA3, Michal Gučík, had been wiretapped by the then Military Defence Intelligence (VOS). It also emerged that the VOS was involved in the wiretapping of two senior Defence Ministry employees, according to leaked documents obtained by Slovak media outlets.
Then prime minister Iveta Radičová later dismissed then defence minister Ľubomír Galko, as well as Pavol Brychta as head of the VOS, and named Róbert Tibenský as his replacement.
It was Brychta who signed the request to use information technical devices to bug journalists. The wiretapping – officially referred to as “monitoring the contact base” of journalists – was approved by a judge.
Galko of the Freedom and Solidarity (SaS) party argued that the wiretaps were performed legally and were intended to uncover criminal activity. SaS alleged that Galko’s sacking was actually a political attack on the party.
In early December the parliamentary defence and security committee said it suspected that the VOS had made fraudulent appeals to judges to approve wiretaps. Radičová, commenting on the results of the committee’s findings, suggested that most of the VOS’ actions did not relate to its primary functions under the law but rather to probes into its own personnel and leaks from within, adding that the internal control system had been altered so that wide-ranging leaks of information had become possible.
