We have to abolish Regulation № 40, which gives the Ministry of Interior the right to retain data for every Internet-user

We have to abolish Regulation № 40, which gives the Ministry of Interior the right to retain data  for every Internet-user who has an e-mail, instant messaging software or simply surfs the web, appealed the member of the Parliament, Mr Nikolay Kamov during the discussion of the scandalous enactment.

He added that he could enter a request for its abolishment as a representative of the Bulgarian Parliament.
The discussion was chaired by the ombudsman of the Republic of Bulgaria Mr. Ginyo Ganev.

Arguments and reasons on the subject gave representatives of the Ministry of Interior, State Agency for Information Technologies and Communications, MPs, NGO members, journalist and many others.

The problem is that free citizens will be under surveillance; citizens who are not suspected criminal; not guilty nor defendant, Mr Bogomil Shopov explained, member of e-frontier.

He added that through the Regulation the State becomes the main violator of the rights and freedoms of the people, because the Ministry of Interior will have the physical possibility to use the gathered information for any other reason. According to Shopov this makes the Bulgarian citizen guilty until the proof of the contrary.
Nobody has the confidence and the guarantees that the guards will obey the rules, created by them, Dimitar Stoyanov, Bulgarian representative in the European Parliament, said to the audience.

It cannot be allowed an European Directive, which is the reason for the making of Regulation No 40, to violate the rights of Bulgarian citizens, he added.

Ekaterina Boncheva from the so called “Dossier Commission” said that the regulation resembles the totalitarian projects “Vihren”, “Pirin” and “Rhodopi”, which are related to bugging and surveillance of opponents of the political system of that time. This Regulation has no future, Boncheva added in conclusion.
The ombudsman of the Republic of Bulgaria, Mr Ginyo Ganev underlined that there should be a balance regarding the human rights, affected by the regulation.

e-frontier @ Global Voices

On Jan. 30, the Bulgarian government promulgated Decree 40, which, among other things, allows the security services to gather from each internet user the data about who they have written to, who is on their contact lists, what instant communication agents they are equipped with, when they used them and the precise manner of using them. Institutions attributed the act to the requirements of Directive 2006/24/EC, but the majority of internet users in Bulgaria interpreted it as an encroachment on their civil liberties.

The civil initiative Electronic Frontier published on the internet a petition (BUL) against the decree, signed by over 1150 people already, and a number of Bulgarian bloggers put banners to support the campaign on their blogs.

Read more here. 

Data retention and politics

The partner in the tripartite ruling coalition, the National Movement for Stability and Progress (NMSP), finally managed to regain the top seat in one of the most important committees in Parliament. On February 20, NMSP MP Mincho Spassov was elected chairperson of the internal security and public order committee, entitled to summon to hearings the heads of Bulgaria’s special services.Spassov’s nomination did not come as a surprise because his name had been circulated in Bulgarian-language media for weeks. In an interview for The Sofia Echo on February 8 Spasov did not deny reports that he was going to be the committee’s new chairperson. The need for new leadership of the committee in question appeared after 14 MPs split from the NMPS last December. Among them was Nikolai Svinarov, chairperson of the committee and former defence minister in the cabinet headed by NMSP leader Simeon Saxe-Coburg (prime minister 2001-05). The 14 MPs, whose number later grew to 17, formed the biggest by size opposition group in Parliament, Bulgarian New Democracy (BND). Svinarov’s departure from the NMSP meant that he had to vacate the posts he took in his capacity as NMSP MP. The BND’s leader Borislav Ralchev called upon his former colleagues from the NMSP to refrain from asking for the change, but his calls were not heeded. On February 8, Spassov said that among his priorities as chairperson of the committee will be the information systems of the Interior Ministry.

Spassov said that the NMSP has formed a working group that would investigate the issue with regard to the European Directive on Data Retention (DRD). If approved by the Government, as was the intention, all personal e-mails, chat programmes and data could legally be monitored by the Interior Ministry. If the DRD proved to have provisions that were anti-constitutional, Spassov said the NMSP would ask the Supreme Administrative Court to examine it.

The debate, instigated by the DRD, has proven to be a completely new issue for Bulgaria. Until now internet privacy was rarely a subject on the agenda of any of Bulgaria’s high profile politicians.

With the DRD issue taken on its own, another subject looms – namely spamming. Although Bulgaria is at the eastern end of the European Union, the country’s citizens and businesses are well exposed to anyone who targets them as potential customers. Despite the fact that Meglena Kouneva – the EU commissioner for consumer protection – is Bulgarian, the existing legislation regarding spam protection has reaped few results. Internet users are constantly open to “attacks”.

In theory, all should be fine. The Law on Electronic Commerce provides for sanctions for anyone sending unrequested e-messages, i.e. spamming. Individuals could be fined between 250 and 1500 leva and companies between 500 and 2000 leva. The maximum sanction possible for repeated violations is 4000 leva, the law says.

Furthermore, the law provides that each service provider, who sends unrequested commercial messages via e-mail, has to mark – unambiguously – the message as such. Users must be well aware that the message they receive is a commercial one and that they have received it without prior requirement because such messages are considered advertising, whether sent to a person directly or not.

Individual usage of information for direct access to the activities of the providers, their domain name or e-mail address, as well as information for the goods or services offered by the provider, collected independently (if information collection is not a paid service) are not considered commercial messages.

Spamming individuals, however, is forbidden. Following that logic, however, spamming companies is not banned.

To improve things Parliament assigned the Cabinet to approve a regulation for the creation of a register of companies that do not want to receive spam. Unfortunately, a year after the law was adopted, such a regulation still does not exist, neither does the register. The spam, on the other hand, still does.

The Law on Electronic Commerce has been in force since January 1 2007. It follows the EU regulations in the field – the Electronic Commerce (EC Directive) Regulations 2002. It was among the pride and joy of the Government that considered it well implemented. When the law provides for sanctions, there should be someone users can complain to. In this case it’s the Consumer Protection Commission (CPC). The law says that e-mail users, individuals who suffer spammers’ attacks, should complain before the CPC, which was designated as the controlling body for the spam-sending restrictions. The commission is a controlling body for a total of 11 regulations, but has only one telephone for consumers’ complaints.

As all EU member states introduced the Electronic Commerce (EC Directive) Regulations 2002, Bulgarian authorities can track the spammers, if they come from a EU country, cease the spam sending and impose a sanction on the provider of unrequested messages, after co-ordination with the controlling bodies of electronic commerce in the country concerned.

However, more often than not, reality is different. The spammer is usually based in Asia or America and cannot be sanctioned, even if the local controlling bodies co-operate for its location. In this case the commission can provide only technical help, i.e. anti-spam software.

Actually, no one has been fined for spamming as not a single complaint for spamming had been filed before the consumer protection commission by mid-February 2008. If any complaint was filed, the lack of a register would not prevent the commission taking necessary measures to track and fine the spammer, authorities promised.

SofiaEcho 

Data retention directive discussion

Decree Number 40 on data-retention from the citizens’ electronic communications, adopted and developed in Bulgaria by the Interior Ministry (IM) and the State Agency of Information Technologies and Systems (SAITS), gathered about 200 people for a discussion on March 19 at Bulgarian news agency (BTA).

Bulgaria’s ombudsman Ginyo Ganev, the Social-Democratic Forum and the civil initiative “Electronic Border” organised the public discussion called ‘Rights and security – the new risks’.

Ganev started to check the texts of the data-retention decree after he was asked to do so by civil organsations who said the decree violates basic human rights and freedoms.

According to Ganev the personal data planned to be collected by the state should be presented only to the relevant bodies but only in specific cases. He said the data-retention decree violates art.32, par.2 and art. 34, par.2 from the Bulgarian Constitution, as well as art. 41, according to which everyone has the right freely to receive information. Moreover, the data-retention decree is in violation of art.8 of Europe’s Convention on the Rights and Freedoms, which foresees the sanctuary of personal life.

According to Bogomil Shopov from Opensource-Bulgaria Society the problem’s aspects are juridical, social, economical and technical, and include human rights issues. Shopov also claimed the Interior Ministry is a not a transparent institution and it does not provide any possibility of civil control over the information that is planned to be recorded.

Shopov further said that Ireland is suing the European Union (EU) over the data-retention directive, in Germany and Italy local authorities had been successfully attacked for adopting the directive, while in The Netherlands various discussions are being organised. He further said only seven countries adopted the data-retention directive in EU.

However, SAITS deputy chairperson Dimitur Stanchev said more than seven countries adopted the directive. The Check Republic and Latvia are among them, while Lithuania and Estonia are in a process of discussing its implementation. He said in Bulgaria what would be recorded included the author, his or her location, the conversation length, the time, and the person contacted.

Stanchev further said the data collected in Bulgaria would be kept for 12 months and if there is no interest in it during this time, it would be automatically deleted.

The European Parliament is planning to revise the data-retention directive in 2010 to find out how it is implemented throughout the EU.

SofiaEcho 

After pressconference

BTA – 10-02-2008/20:47
Sofia – Opposition MPs and civic associations will challenge an ordinance, issued by the Interior Ministry and the State Agency for Information Technologies and Communications before the Supreme Administrative Court next week, Democrats for Strong Bulgaria MP Neno Dimov said. The ordinance concerned the categories of data and the procedure of storing and making them available for the needs of national security.

A protest against Directive 2006/24/ЕC about data retention

A protest against Directive 2006/24/ЕC, which allows traffic data to be gathered for every single Internet user, was held yesterday (07.02.2008) in Sofia.

The demonstrators made it clear, that retention of e-mail correspondence, Internet traffic and any similar information, which is to be kept for 1 year, is directly violating the rights, laid in the Constitution of the Republic of Bulgaria and it cuts across all moral principles.

The demonstrators were also against the requirement, which states that the user should be identified by his/her IP address, together with other information such as personal citizen number, address on which the service is being used and the user’s full name.

Data retention gives the State enormous powers. With this tool it is able to watch and control its citizen’s personal lives, and this is in violation of the fundamental right of inviolability of personal life and protection of the secret of documentation. It is formally justified with the necessity of protection of the national security and crime prevention: namely terrorism and child pornography distribution

This regulation makes it obligatory for the providers of Internet services to keep and submit data on their expense, thus indirectly terminating smaller Internet providers and making the others invest huge amount and efforts to fulfill the requirement. The process of data retention is impossible without filtering all the packages which is risky, because the content may be read and directed in another direction; that was one of the numerous comments, heard at the protest.

People in Bulgaria don’t trust the authorities, who are supposed to keep and access the information, because of the number of violations done while keeping other personal data and because of the special characteristics of our political system. All these things add some more worries for our rights in the global net.

The campaign was covered by all majour Bulgarian TV networks, newspaper and electronic media. Electronic Frontier Bulgaria (EFB) representatives took part in several TV talk shows, debating the very same problem.

Electronic Frontier Bulgaria, who organized the protest, stated that next week they were going to attack the regulation in the Supreme Administrative Court and they were going to start discussion with political parties in order to find adequate answer to the Directive, which violates basic human rights. The Constitutional Court is expected to be approached, as well as broader informational campaign on the subject, which will be targeted on clarifying the seriousness of the regulation’s requirements.

Contacts:

+359 897 615128

board @ opensource-bulgaria.org

SofiaEcho: Protests in Sofia against data retention directive

On January 7, about 50 protesters gathered in the centre of Sofia to rally against Bulgaria’s adoption of the European data-retention directive.

Under the directive, Internet service providers (ISP) and telecom companies would be required to collect traffic data on their clients. Data collected for telephone calls would include the time the call was made, the number called and, for cellphones, data on the geographical position of the caller. In the case of ISPs, the data would include when and to what email addresses email has been sent, instant message contact names and times and dates they have been contacted, websites visited, and so on.

The European directive has been accepted in December 2005. Bulgarian Parliament recently approved the directive, which was published in the State Gazette on January 30 2008.

According to protesters, the data retention directive expands the rights of police surveillance and violates many of the instruments that guarantee human rights in Europe, including the Data Protection Directive and the European Convention on Human Rights, as well as article 34 of the Bulgarian constitution.

Article 34 of the Bulgarian constitution states that „the freedom and confidentiality of correspondence and all other communications shall be inviolable.“

The directive was intended to register traffic data, not correspondence content. The problem is that with internet correspondence, they are often inseparable. The address of a website not only contains information on its location, but also on its content.

Protesters said that data retention means that government could interfere with a person’s life and personal correspondence, irrespective of whether that person is suspected of a crime or not.

“No survey on the fight against terrorism, carried out anywhere in Europe, has concluded there was a need to create a database of such scale, which also contains confidential information,” the protesters said in a media statement.

Many protesters were internet users, software developers and students. Posters they carried read „If you exchange freedom for security, you will end up losing both“ and „No to eavesdropping on the Internet“.

Some of the protesters had covered their heads with aluminium foil, which was said to prevent spying.

Protesters signed letters addressed to the State Commission on Information Technologies and Communication, which said that “data retention is not the solution” and urging it to “stop spying”.

Bulgaria has requested the EU to be allowed to postpone the introduction of data retention for internet service providers until 2009. For fixed line and mobile telephone communications, the directive went into effect on February 2 2008.

Under the European directive, the data has to be stored for a minimum period of six months, but no longer than 2 years, leaving room for individual member states to decide how long they want to have the data kept. According to Bulgaria’s Electronic Communication Law data should be retained for 12 months, Dnevnik daily said.

Pictures from protest.

Some rights reserved by Michel

A free (as in 'freedom') lunch as a way of protesting. – Data Retention is no solution

Do you appreciate your freedom? How much? Do you want the police to watch closely everything you are doing on the Internet and to record it?


What are we talking about?

The regulation, stipulating that the agencies will be able to collect information from every user on the Internet, was published in the State Gazette yesterday. The information may of any kind: who has written to whom, what contacts one has, means for instant messaging, when they have been used and how and many other.

Data Retention is no solution!

If you want to express your opinion and that you appreciate your freedom, do come to the protest called A Free Lunch.

Most protests are held during the evenings, but institutions are asleep in the evenings, so you can dedicate your lunch break to Internet freedom.

Free Lunch 1

When: Thursday – 07 February 12.30 to 14.30
Where: In the garden at 6 Gurko str. in front of the State Agency for Information Technologies and Communications.


The protest is legal, since there is an application in Sofia Municipality. If there is a change in the location, please follow these news.
Come and bring your messages, bring your T-shirts or posters, bring whatever you like so we can demonstrate that FREEDOM matters and we don’t accept to be watched by someone.

More news to follow soon.

Contacts:

jabber: foss@jabber.minus273.org (this is messenger address, not e-mail)

e-mail: board @ opensource-bugaria.com

+359 897 615128

Organizers

The purpose of the „Yes to Foss“ project is to:

  • Promote free software, open source software and open standards in the State Administration (SA) of the Republic of Bulgaria and in other fields of the management, economics and households.
  • Actually united companies dealing with development, integration and promotion of open source, free software and culture.
  • Organize events and campaigns to promote the implementation of open source, free software, open standards and technologies.
  • Cooperate with similar organizations for protection of the digital rights, software freedom and ideas.
  • Participate in projects, researches and cooperative initiatives related to open source, free software and culture and for to the preservation of digital rights.
  • Stimulate and promote open source or free software projects developed in Bulgaria.
  • Assist small and medium enterprises in finding ways for open technological development.

What’s wrong with that?

Nov 4th

Today the Ministry of State Administration and Administrative Reform has announces a tender for the purchase of 60 000 new licenses for Microsoft products by the year 2012. The interesting fact this time is that the order is specifically given for this company’s products.

According to the Ministry’s press release, “The few examples of migrations to other platforms show a necessity of serious financial resources, including for retraining of the staff to work with the new software systems, as well as a long enough period of implementation.”

What’s wrong with that?

  1. „The experts“ don’t have a clue what it is all about.
  2. The state will spend millions to purchase those licenses
  3. It will oblige our Administration to use this company’s products by 2012
  4. It will give all the data, used or stored by the Administration, in the hands of a commercial organisation
  5. It will surrender the management of all the State Administration’s processes on local and national level in the hands of a single company and its products
  6. The purchase of software from Microsoft leads to dependence on one company, contributes to the brain drain and it is unnecessary spending for us tax-payers. The money may be spent on development and research activities for Bulgarian projects and trainings of the state administration to work with open source based software.

The State becomes a hostage of a single company

It is known for years that the Microsoft OS is like a black box. You have put inside it everything you know, but you actually don’t know what is inside it and how exactly it works. What will happen if in one nice moment it just starts to change its properties on its own, which is what is happening now according to this news?

What will happen if all your documents disappear mysteriously? Because this black box may start destroying them in this very moment, and according to its license its manufacturer is not responsible and even if he is, it doesn’t matter that much since our entire administration works with it.
Sell something to someone and keep your customer a hostage – great strategy! Having in mind that 80% of the state structures are using Windows, what would happen if the OS stops working because it has downloaded the new version of a given file?

You trust something you don’t know how it works and what it consists of. You’ve got yourselves a black box and you are building all your work over it. And it is going to explode soon. 5 millions Skype users already felt what it was like to rely on the black box and its ability to update itself. Great! Bravo! Hurray! And what if the state stops working? I mean if it really stops working? No state administration, police, army, electricity?

The state is paying millions for years so it can depend on private interests? Until when we are going to lack the certainty that we are living in a country which can provide it own security alone?

Facts: Microsoft lies

According to this information „Microsoft Bulgaria will provide about $1 million to build a national network for the training of 30,000 civil servants in computer skills, managing director Teodor Milev told journalists on Tuesday.

On May 17, State Administration Minister Dimitar Kalchev and the director of Microsoft Bulgaria signed an agreement by which the state administration would receive 30,000 packages of MS Windows XP and MS Office XP software in Bulgarian. The cost of the programme products is $13,650,000 or $455 per package. According to the agreement, Microsoft Bulgaria will cover the training costs. “

This information is from 20 Jun 2002 and if you guest so, this never happened