SEEsummary #36
March 2020
Issue no. 36 of the SEEsummary, published on 31 March 2020. This issue covers Internet governance and digital policy developments that occurred in South Eastern Europe and the neighbouring area (SEE+) in March 2020. Also included: a list of free online courses and tools for remote work, and an overview of upcoming capacity development and other opportunities for SEE+ stakeholders.
Contributors to this issue: Meri Baghdasaryan, Maja Ćalović, Grațiela Dumitrescu, Katarina Gevorgyan, Aleksandra Ivanković, Olga Kyryliuk, Neli Odishvili, Oliana Sula, Veronica Ștefan. Coordination: Olga Kyryliuk. Design : Charalampos Kyritsis
Discussions between the Slovenian government and UNESCO regarding the opening of an artificial intelligence (AI) research centre started in 2018. Two years later, in March 2020, the two parties signed an official agreement establishing the International Artificial Intelligence Research Centre (IRCAI) with location in Ljubljana. IRCAI is the first global AI centre created under the patronage of UNESCO. The purpose of the centre is to establish an open and transparent environment for AI-related research and discussions, as well as to provide public and political support in the preparation of respective guidelines and action plans worldwide. IRCAI will have a global reach and will consult all stakeholders on systemic and strategic solutions for the AI introduction in different areas. It will support the establishment of assisting research centres in other countries, the development of training programmes, the fostering of global awareness, and setting up of networks for research and knowledge exchange.
The servers of the city administration of Novi Sad, a city in Serbia, have been blocked as a result of a cyber attack. To some extent, it affected the unified billing system, public registries, the city video surveillance system, preschool institutions, and almost all public companies. The information system of the public utilities company Informatika, which was infected with ransomware, suffered the most. Hackers demanded payment in bitcoins to enable decryption. Informatika stated that any misuse of citizens’ personal data is excluded given that the database is stored on another platform. As the city refused to pay a requested compensation, it lost data about utilities’ debts, tax returns, building permits and other important information, the exact amount of which is not disclosed. These data cannot be recovered as the backup was also encrypted by the attacker. However, they are available in paper form, and civil servants are going to manually fill a new database.
Two days later, the Minister of Finance and Treasury of Bosnia and Herzegovina, Mr Vjekoslav Bevanda reported to the State Investigation and Protection Agency and the Intelligence and Security Agency a hacking attack on the ministry’s website. The latter displayed a message saying ‘No Peace with Serbia – Ethnic Albania’. Mr Bevanda stated that the website offends other states and people with threatening and insulting nationalist messages, and, therefore, requested an urgent investigation of this case.The cyberattack was signed by ‘Albanian hackers’.
During their third cyber dialogue, the USA and Ukraine reviewed ongoing and proposed US cybersecurity assistance projects related to strengthening critical infrastructure, developing a national cybersecurity strategy, enhancing cyber defense and incident response, raising cybersecurity awareness, and providing training on industrial control systems and digital forensics. To support the implementation of the above, the USA announced its readiness to grant Ukraine an additional $8 million. In total, the Department of State will invest around $38 million over the next four years to build Ukraine’s cybersecurity capabilities, and strengthen its legal and regulatory frameworks. Additionally, the Federal Bureau of Investigation (FBI) handed a certificate to the Cyber Police Department of the National Police of Ukraine, and the Prosecutor General’s Office for cooperating with the FBI in arresting and extraditing cybercriminals who freely operated in Ukraine for many years.
Together with the Geneva Centre for Security Sector Governance (DCAF), the Romanian National Computer Emergency Readiness Team (CERT-RO) organised a working meeting with CERT representatives from the Western Balkans region (Bosnia and Herzegovina, Montenegro, North Macedonia and Serbia). The two-days meeting revolved around the need for strengthened regional cooperation through identifying cooperation perspectives and opportunities. One important output of the meeting was the proposal to build a common platform that could enhance regional cooperation, facilitate information sharing, and improve cyber education and training on information security skills. CERT-RO representatives proposed a set of objectives for future cooperation, which will be further analysed by the institutions whose representatives participated in the meeting.
The Georgian Cyber Security Bureau joined NATO’s Malware Information Sharing Platform (MISP), which is a threat-sharing defense initiative co-financed by the European Union. MISP is aimed at enhancing cooperation in fighting cyber threats by speeding up the detection of such incidents and devising defense countermeasures. Georgia became the second non-NATO member state to join the platform. It is expected that sharing information on cyber threats would strengthen the country’s cyber security potential.
Microsoft partnered with organisations across 35 countries, including with the Romanian National Computer Security Incident Response Team (CERT-RO), to disrupt the Necurs botnet, which has infected more than nine million computers worldwide. The disruption of the operation of this criminal network is the result of eight years of global investigative effort. Recently, the CERT-RO analysts observed an exponential growth of spam campaigns through emails, which correlates with a global increase reported by Microsoft. Necurs uses a massive network for distributing spamming emails. For instance, during a 58-day investigation period Necurs-infected computers sent 3.8 million spam emails to over 40.6 million people. According to Microsoft, Necurs is used to perform a wide range of scams, including pump-and-dump stock scams, fake pharmaceutical scam emails, and ‘Russian dating’ scams. It can also be used to steal credentials for online accounts and people’s confidential data, as well as distribute financially targeted malware, ransomware, and crypto mining. CERT-RO and Microsoft recommend users to regularly scan their PCs with a special tool – support.microsoft.com/botnets – to make sure they are not infected by this type of malware.
During a joint multinational operation, Europol together with the Romanian National Police arrested a criminal group of 14 people who managed to steal over €500 000 from unsuspecting victims in Austria through SIM swapping attacks. This fraudulent practice is believed to be one of the biggest threats to telecom operators and mobile users. After taking control over victim’s cell services, hackers can easily access incoming phone calls, text messages and one-time verification codes sent via SMS messages as a part of the two-factor authentication. Using these authentication codes hackers make fraudulent transfers from victims’ bank accounts. In order to keep safe from these attacks, Europol recommends setting up a PIN to limit access to the SIM card, delinking phone numbers from online accounts and using an authenticator app or a security key to secure accounts.
Amid the COVID-19 crisis, the Greek Ministry of Digital Governance has activated a new unified digital portal gov.gr combining (as of 29 March 2020) 506 e-services provided to citizens and businesses. It hosts in a single place all digital services of ministries, state bodies, agencies and independent public authorities. The gov.gr platform is continuously evolving and is expected to become a digital service center that will gather everything a person might need for transactions with the government. This online portal helps to avoid visiting respective authorities in person during the COVID-19 crisis.
In Romania, the nonprofit organisation Code4Romania and the National Authority for Digitalisation have joined forces to create six new platforms aimed to support citizens in dealing with the new coronavirus context. By the end of March, three platforms have already been launched: www.StiriOficiale.ro aggregates all official news and documents related to COVID-19 in Romania; www.DateLaZi.ro provides data visualisation for all COVID-19 cases; www.CeTrebuieSaFac.ro offers practical information and guidance for all situations that Romanians are confronted with during the state of emergency. Three other platforms are expected to be launched in the nearest future: Stăm Acasă/Staying Home will centralise information about people staying in isolation; Diaspora Hub will support and facilitate communication with diaspora; RO Help will centralise all resources and support measures for citizens.
Similarly, the Government of Serbia has launched online portals Covid19.rs, Be Volunteer and Digital Solidarity with the aim to inform and support citizens. Covid19.rs publishes official information from the public institutions regarding COVID-19, as well as the statistical data about detected cases. Given that many elderly citizens are not allowed to leave their homes due to the government’s COVID-19 containment measures, the Be Volunteer platform mobilises people who are willing to help the at-risk population. After being approved by respective authorities, volunteers are contacted by the city and municipal centers with detailed instructions and tasks. The Digital Solidarity platform provides all relevant information about services that citizens can use free of charge. Currently, there are more than 50 services and the call for companies and associations to join the initiative is still open. On this platform, citizens can find information about online education, digital books, movies, music, theatres that are streaming their performances, co-working tools, etc.
The Croatian Ministry of Labour and Pension System released an official statement allowing employers to unilaterally decide that employees should perform their duties remotely (work from home) due to the COVID-19 crisis. In low-risk jobs (office and administrative work) remote work can be in force as well.
Similar measures were undertaken by the Bulgarian Parliament, which stipulated that under the current circumstances and depending on the specific nature of the work, employers may assign outwork or remote work to their employees without their consent. The Ukrainian Ministry of Health plans to include the right to work from home during the periods of quarantine into the Ukrainian labour code. TV broadcasting is also undergoing transformations. In Ukraine, 112 TV channel has adopted a work from home policy in order to minimize the number of people in the studios, with programs being facilitated through online video and audio connections.
In Slovenia, the public administration and several private companies have switched to remote work in response to COVID-19. A similar situation is in Albania. In Georgia all state agencies have made the transition to remote work.
Countries of the SEE+ region have adopted several measures to ensure smooth transition to online learning after the closure of schools and universities in response to COVID-19. In Cyprus, a trial implementation of distance learning solutions was introduced for Nicosia high schools. Teachers were trained to use the designated system, while pupils were surveyed to determine how many of them have access to a computer and the Internet. In Turkey, online learning is facilitated through Internet and television based curriculum. The same situation is in Albania where the Ministry of Education, Youth and Sports is combining online learning with TV based learning for students and pupils who do not have access to the internet. The same approach is adopted in Greece. In Romania several schools are using online platforms, such as Digitaliada, to support teachers, students and pupils in their current online learning process. In Croatia, the start of online schooling was marked by a hacking attack on the distance education system. The case was reported to the police and the problem was shortly resolved.
Telecom operators and service providers have been providing extra Internet traffic and adapting their pricing policy in an attempt to respond to the COVID-19 crisis. In Albania, Telekom Albania offers 50 percent extra of mobile Internet to its users until 30 April 2020. In Romania, Orange Romania is providing 50 GB of additional Internet bonus for 30 days. Telecom operations equally get engaged in facilitating online education and remote working. For instance, Tele2 in Croatia, in collaboration with the Ministry of Science and Education, offers free data traffic for educational content and is providing additional sim cards. Vivacom in Bulgaria supports remote work by granting additional 10 GB of data and offering free access to video on demand (VoD) libraries.
Leisure and entertainment content plays an increasingly important role in encouraging people to stay at home. In Croatia, the VoD provider Pickbox started providing free access to movies, TV shows and documentaries, while telecom operator MTel has unlocked all TV channels’ content until the end of April. Another telecom provider Wind Hellas is contributing to the ‘stay at home’ initiative in Greece. Moreover, in Moldova telecom operator Orange Moldova switched to remote working and reduced work schedule for its shops. At the same time, the Armenian mobile network operator and Internet service provider Ucom cooperate with the Ministry of Education and offer a section on its TV platform for distance learning. Video lessons will be available to subscribers all over Armenia and without extra fees.
In an effort to respond to the COVID-19 crisis, tech companies and startups in Romania are offering their products and services for free. Among available technological solutions are eLearning courses on Covid-19, tools for remote work, online medical consultation on common health problems and psycho-emotional support, personal finance management mobile application, and home study courses. Furthermore, a technology accelerator has launched the Tech Startups United initiative with the purpose to bring together startups with solutions in MedTech, EdTech, digital health, telework, financial and business management, and e-government.
Ukrainian startup Revel Laboratory is using 3D printing technology to produce valves for artificial lungs ventilation machines (ALVM), which are of high demand amid the COVID-19 pandemic. Such a valve allows connecting four patients to one lungs ventilation machine. The idea was borrowed from an Italian company Cooper 3D, but the Italian adapter did not match with the majority of ALVM used in Ukraine. Revel Laboratory improved the model and made it available in open access. The 3D printing project was piloted in the Odesa region by another Ukrainian IT company Infomir, which is ready to launch a large-scale production of around 400 valves and adapters per day to supply all hospitals around the country. Noteworthy that Infomir is currently the single company in the SEE region that has a unique line of 3D printing HP Jet Fusion 5210.
The Bucharest University of Economic Studies (ASE) joined forces with the Romanian blockchain company Modex to open a laboratory dedicated to blockchain technologies. Reportedly, starting from autumn 2020, students from all ASE’s faculties, not only IT, will have access to opportunities that support the development of their digital skills in relation to blockchain. The blockchain lab is expected to host a series of educational events, workshops and scientific conferences for both students and the academic community. ASE will become one of the first universities in the world with a blockchain curriculum.
Ukraine announced its plans to pilot an eDelivery project based on using electronic invoices. The project will be conducted by Ukrainian and Polish companies and will allow both parties to save costs and reduce administrative burden and environmental impact. Feedback and recommendations from participating companies will be collected to further improve and implement the eDelivery project. The companies interested to participate in the pilot are invited to submit an online form. Participation provides the following benefits: testing new technical solution for free; getting familiar with the European standards of electronic invoicing; obtaining new knowledge on the exchange of electronic documents with the EU and the Eastern Partnership countries; and promoting the participating companies as innovative and digital. A common legal and technological framework will allow both countries’ businesses to significantly simplify export/import operations and speed up border crossings.
On 4 March 2020, the National Assembly of Serbia ratified the Protocol amending the Convention 108 for the Protection of Individuals regarding the Processing of Personal Data. The amending protocol, colloquially referred to as the Convention 108+, was adopted in May 2018 with the aim to better address emerging privacy challenges related to the use of new information and communication technologies and to strengthen the implementation of the Convention adopted in 1981. Changes introduced in 2018 include new obligations for data controllers (e.g. guaranteeing the transparency of data processing and notifying of security breaches) and rights for data subjects (e.g. the right to obtain knowledge of the reasoning underlying the data procession, and the right not to be subject to a decision based solely on automated processing, without taking the data subject’s views into consideration).
Human rights advocates around the SEE+ region are concerned about the implications that COVID-19 emergency measures entail for human rights and freedoms. Countries all over the region show a certain degree of similarity when it comes to crisis response. For instance, Armenia, Moldova and Romania have derogated from the provisions of the European Convention on Human Rights to justify suspension of certain civil rights during the coronavirus state of emergency. In Serbia, President Aleksandar Vucic was accused of declaring a state of emergency without a strong constitutional basis. The country also imposed surveillance and phone tracking measures to limit freedom of movement. In its turn, Albania announced harsh penalties for those who ignore curfews. Moreover, Turkey, Serbia and Montenegro have imposed heavy fines and carried out arrests due to social media posts that, according to authorities, cause panic and endanger security. Fortunately for Bulgarian citizens, the parliament upheld the president’s veto on some emergency measures that were introducing increased prison sentences and fines for spreading false information about infectious diseases.
Privacy rights in specific appear to be under attack. In Montenegro, the government has used its official website to publish and constantly update a list of names and addresses of quarantined citizens, thus violating data protection law. Health privacy data rights were also violated in Moldova when the president publicly named the first woman infected with COVID-19. Moreover, Montenegrin and Moldovan governments made public the personal health data of people infected with COVID-19. At the same time, official websites and hospital computer systems in Croatia and Romania suffered from cyber attacks. On a positive note, the Personal Data Protection Agency in Bosnia and Herzegovina issued a decision banning authorities at all levels from releasing personal information about persons who were tested positive with coronavirus, as well as of individuals who have been placed under isolation. Information about those who breach isolation measures may be lawfully published.
In the context of the global fight against COVID-19 pandemic, many countries have introduced tracking measures to combat the spread of infection, identify the movement and contact circle of infected citizens, and help citizens assess their symptoms. These measures raised a lot of concerns with regard to citizen’s privacy and freedom of movement.
The Russian Prime Minister ordered the development of a tracking system for citizens who contacted a COVID-19 infected person by using their mobile phone’s geolocation data. The system will then send mobile notifications asking such persons to self-isolate. This information will also be transferred to regional headquarters established to fight COVID-19 pandemic.
Furthermore, the Armenian government suggested to its citizens to use a mobile application AC19, which helps to identify if a person has COVID-19 symptoms and needs medical help. There are suspicions that the Iranian government is using the AC19 app (developed in Iran) to collect data on the movement of its citizens. The application indeed requests users’ permission to see their location, however, a user can deny this request and still fill out the questionnaire.
The Albanian government has developed an app for vehicles’ self-certification to be used by citizens who have to go to work or to use their vehicles for health related emergencies. All other citizens’ movements are limited from 5 am till 1 pm, while from 29 March just one family member is allowed to do essential shopping through a self-certification obtained on the e-Albania portal. Citizens without Internet access can require self-certification via SMS.
Meanwhile, the Croatian Parliament has been discussing amendments to the Electronic Communications Act. According to the bill, ‘in extraordinary situations, the health minister would ask telecommunications companies to provide data on the locations of users’ terminal equipment’. The bill has raised a number of concerns related to its potential to limit the citizens’ rights to freedom of movement and privacy, without providing clear criteria for its application and sufficient safeguards. The bill was sent to the Constitutional Court to assess whether it is limiting citizens’ rights.
With more and more countries declaring state of emergency in response to the new coronavirus crisis, new measures have been enforced by governments to combat disinformation and the spread of panic. National authorities (ranging from telecom regulators to police) have been empowered with new duties, including censoring any information deemed to be false or spreading panic, and imposing fines or other punitive measures on media agencies and social networks for non-compliance.
In Armenia and Moldova, media outlets are requested to publish only information cited by official sources, with Moldovan journalists being explicitly forbidden to express or facilitate any personal opinion on the COVID-19 topic.
In Romania, a new regulation allows authorities to remove the content or block entire online platforms in case no communication can be established with the platforms’ owners. Nevertheless, the Ministry of Internal Affairs particularly highlighted that such measures do not apply to established media outlets, whose owners are well-known and with whom the government has a continuous dialogue. By the end of March, one platform was already blocked due to a failure to identify the owner or any other contact person.
Reportedly, in Armenia, a notable situation was created when newspapers were requested to edit their contents even when they were reporting on situations in other countries. The Yerevan Press Club expressed concern that limited information might equally cause panic among people as Armenian journalists are unsure whether they can ‘publish/disseminate information that has been announced by officials of foreign countries and international organisations’. In response, the Armenian government has amended its decree and allowed media outlets to refer to foreign media outlets providing relevant citations.
In Russia, while no new legislation was adopted, the media regulatory agency Roskomnadzor and the General Prosecutor’s Office were authorised to enforce the Federal Law on Information in the new COVID-19 context. According to public reports, various Russian media outlets and international social networks (Facebook, Twitter) have already received content removal requests.
Noteworthy that the civil society organisations in all the above mentioned countries have criticized such measures, fearing serious limitations of the freedom of expression and subjective news interpretation. At the same time, the Organization for Security and Cooperation in Europe (OSCE) has explicitly criticised the new restrictive measures introduced in Armenia, Azerbaijan, Bosnia-Herzegovina and Russia. After the Armenian government amended its decree, the OSCE welcomed Armenia’s speedy reaction to the raised concerns.
Upcoming deadlines
All stakeholders are invited to submit workshop proposals for the 15th annual meeting of the Internet Governance Forum (IGF) through the workshop application e-form. This year, the IGF agenda will be built around four priority thematic tracks: Data, Environment, Inclusion, Trust. The evaluation process will be based on six major criteria: Content, Diversity, Relevance, Interaction, Policy Questions and Format. More information about the application process and workshop manual can be found here.
Organisations interested in arranging pre-events or ‘Day 0’ events are invited to submit their requests through the Day 0 application e-form. Pre-events will be held on 2 November 2020. Slots are allocated on a first-come, first-served basis, taking into account space availability, the relevance of the requests received, regional and stakeholder balance.
During the annual IGF meeting, interested stakeholders can display or distribute relevant information about their Internet governance-related activities at the IGF Village. Booths are of limited availability. Interested organisations can apply to host a booth at the IGF Village through the IGF Village application e-form.
A limited number of eligible candidates from developing countries will be supported financially to participate at the 15h IGF annual meeting, on 2-6 November in Katowice, Poland. Interested candidates are invited to submit a Travel Support Application e-form.
The application deadline for all the above calls is 15 April 2020, 23:59 UTC
42 Yerevan, a programming school designed to train coders of the future, is now accepting applications. The project was initiated by the EU-TUMO Convergence Center for Engineering and Applied Sciences, and is a part of a broader network of France-based School 42, joining campuses in Seoul, Helsinki, Rio de Janeiro, Moscow, and 16 other cities all around the world. Studying is completely free, and gives everyone an opportunity to access high level education irrespective of financial situation. Anyone over the age of 18 can apply to study at 42 Yerevan, with no previous knowledge in the field being required. After submitting an application, candidates should pass a logic-based test and if successful, they will be invited to the orientation meeting in April-May 2020. During the meeting, applications will be reviewed, while the students will learn more about the programme and meet the staff. During four weeks in June-August 2020, selected applicants will be invited for a trial period. The candidates who successfully complete this last stage will begin their studies in September 2020.
Free online courses and tools for remote work
- Estonia | Digital education tools
- 190 universities worldwide | 600 Massive Open Online Courses (MOOC)
- Ivy League schools (Brown, Harvard, Cornell, Princeton, Dartmouth, Yale, and Columbia universities, and the University of Pennsylvania) | 300 online courses
- British Council | Online courses with free certificates
- Ukrainian educational platforms Prometheus, Edera, ВУМonline, Wisecow | 120 online courses
- Yale University | Online course on The Science of Well-Being
- Online education platform Coursera | 3 800 courses and 400 specializations
- Goethe Institut | Kinderuni – online university for kids between 8 and 12 years old
- Microsoft Teams | Paid version in free access for six month
- Google Hangouts | Advanced features in free access for all G Suite and G Suite for Education customers until 1 July 2020
- Cloudfare for Teams | Enterprise-grade features in free access for small businesses until 1 September 2020
- Adobe | Temporary ‘at-home’ access to Creative Cloud apps for students and educators until 31 May 2020, and a free 90-day access to Adobe Connect
- LogMeIn GoToMeeting | Free desktop version for three months
- Webex | Expanded list of features in free version, and free 90-day business licenses for advanced features
- 111 tools for Remote Work | Communication, collaboration and productivity, marketing, software and security support, research and development, recruiting and accounting, etc.
***
Editorial note
The SEEsummary is produced on a best effort basis, by our team of volunteer editors. Each month, the editors scan local and regional media, as well as websites of public institutions and other organisations, and compile what they find to be some of the most significant digital policy developments.
The SEEsummary does not claim to be a comprehensive source of information. Despite our efforts, we may miss some things happening across the region. To help us cover as many significant developments as possible, we invite you to share with us news from your countries.