SEEsummary #35 | February 2020
Issue no. 35 of the SEEsummary, published on 3 March 2020, by SEEDIG, in collaboration with DiploFoundation and the Geneva Internet Platform.
This issue covers Internet governance and digital policy developments that occurred in South Eastern Europe and the neighbouring area (SEE+) in late February 2020. Also included: a list of upcoming events (March 2020) and an overview of upcoming capacity development and other opportunities for SEE+ stakeholders.
Contributors to this issue: Maja Ćalović, Katarine Gevorgyan, Liljana Ilieska Pecova, Aleksandra Ivanković, Vasile Popa, Veronica Ștefan, Sorina Teleanu. Design : Charalampos Kyritsis
Romania and Bulgaria have signed the European Union’s Declaration on Quantum Communication Infrastructure (QCI), an initiative aiming to boost European capabilities in quantum technologies, cybersecurity and industrial competitiveness. The two countries joined other 24 EU member states committed to working with the European Commission and the European Space Agency towards developing and deploying the European QCI, within the next ten years.By the end of the year, each signatory country is expected to prepare an individual action plan. This step is particularly important, as the final goal of the QCI initiative is to ‘protect national and cross-border critical infrastructures, sensitive communications, financial transactions and ensure the long-term storage of sensitive data in areas such as healthcare and national security’.
In North Macedonia, the Agency for Electronic Communications (AEC) has launched a public consultation on the allocation of 5G licenses. As outlined in the consultation document, AEC intends to (1) apply the public tender with public bidding procedure for allocating 5G frequency bands; (2) reserve certain portions of the available bands for a new network operator (as an incentive to increase the number of mobile network operators and foster market competition); and (3) award 5G licenses for a period of 15 years, with the possibility of extension for another 5 years. The document also provides details on issues such as intended areas of use for the available 5G frequency bands and coverage conditions for operators. It is the agency’s intention to allocate the 700 MHz and the 3.6 GHz frequency bands in the second half of 2020, while the 1500 MHz and 26 GHz are to be allocated according to market interest. Market operators are invited to share their views on these plans until 6 March 2020. The Agency’s 5G-related plans are in line with the National Broadband Plan adopted by the North Macedonian Government in April 2019.
The Russian Federal Service for Technical and Export Control (FSTEC) has proposed a draft government order which would prohibit the use of foreign information technology (IT) for critical national infrastructures. The overall aim of the proposed policy is to increase the technological sovereignty of critical infrastructures, systems and networks essential for the functioning of the economy. The draft order is an addition to legislation passed in January 2018 that requires the owners of critical infrastructure to report cybersecurity incidents to the FSTEC. So far it is not known which foreign companies could be banned. If the proposed policy is adopted, it will apply to industries such as defence, transport, communications, credit and finance, energy, fuel, nuclear, space, mining, metals and chemical, as well as the information systems of state departments.
Mobile network operator MTS has announced the successful connection of 5G base stations in Moscow, Russia, to a high-speed transport network. More specifically, 5G MTS base stations located in the permanent pilot zone of VDNH exhibition centre were connected to XGS-PON equipment installed on the company’s transport network. According to the statement of the operator, the base stations, regardless of the equipment manufacturer, are operating normally, and in 2020 the 5G pilot zone will operate in most of the territory of the exhibition centre. After connecting 5G base stations to XGS-PON fibre-optic networks, the network bandwidth will increase several times, providing data transfer at speeds of up to 10 Gbps and higher.
In Russia, the Coordination Center for TLD .RU/.РФ announced the entry into force of updated versions of its Terms and conditions of domain name registration in .RU and .РФ and the Policy on the procedures applicable to domain name disputes’.
The Terms and conditions of domain name registration in .RU and .РФ now include the list of domain names reserved for government purpose. This change was needed because the Policy on reserving domain names in the .РФ domain for government purposes expired on 30 November 2019, but some of the domain names reserved have not been used so far. With their inclusion into the overall Terms and Conditions, the domain names remain reserved. Changes to the Policy on the procedures applicable to domain name disputes cover issues related to (1) actions taken by domain name registrars to impose restrictions on operations with domain names that are subject to litigation; and (2) the exercise of priority domain name registration rights following the enactment of a court decision on the merits of a domain name dispute. These revisions are intended to prevent cases when the Policy could be subject to ambiguous interpretation.
The University of Economic Studies in Bucharest, Romania, in partnership with Microsoft Romania, has launched the AI Lab Cloud. Reportedly, the lab will offer University’s students, professors and researchers access to unlimited computational resources and processing power. Starting with March 2020, 11 cloud experts are expected to deliver classes that will enable students to advance their technical skills, as well as to develop their capacities for innovation and business development. The curriculum includes the use of virtual infrastructure to test and develop artificial intelligence (AI) algorithms, machine learning, as well as to develop new applications and platforms. The initiative is part of Microsoft’s programme ‘Cloud-Enabled Laboratory’, first launched in the West University of Timisoara, Romania.
The mayor of Moscow, Mr Sergei Sobyanin has said that the city authorities are using facial recognition technology to ensure people stay in coronavirus quarantine. All Russian citizens who returned to the country are ordered to stay in self-isolation for two weeks, even if they do not have any symptoms. Also, as a prevention measure, Chinese are prohibited from entering Russia. So far, some 2 500 people have to stay in quarantine, and facial recognition is used as a measure to identify the ones who violate the order. Moscow started using facial recognition technology as part of the city security surveillance programme last month.
The LEPL Academy of the Ministry of Finance of Georgia hosted a training for financial crime investigators on cybercrime and e-evidence, as a part of the ‘CyberEast: Action on Cybercrime for Cyber Resilience in the Eastern Partnership Region’ project jointly run by the European Union and the Council of Europe. The training was led by experts from the UK and the Netherlands who explained to participants concepts of cybercrime and electronic evidence investigations, as well as forensics in dealing with financial fraud investigations. All training materials were adapted to the Georgian context. This five-day course is the first in a series of training activities which aim to transfer knowledge and eventually include these materials in the standard curriculum for investigators’ training in Georgia.
Supported by the European Union Agency for Law Enforcement Cooperation (Europol), the Cybercrime Unit of the Bulgarian General Directorate Combating Organised Crime of the Ministry of Interior and the Bulgarian Supreme Prosecutor’s Office of Cassation completed an investigation of six companies involved in the illegal distribution of Internet Protocol television (IPTV) services in the cities of Sofia and Varna and the region of Burgas. The authorities searched 17 houses and seized a large number of documents and digital information as evidence of illegal activities, concluding that over 30 000 people were subscribed to the illegally distributed services. Following the action, one of the involved companies was fined EUR 650 000 and six pre-trial proceedings were opened.
Georgia, the UK, the USA and other countries have accused Russia of being behind the cyber-attack which occurred on 28 October 2019 in Georgia. The cyber-attack, described as the largest in Georgia since 2008, affected up to 15 000 websites of public authorities, non-governmental organisations, private companies, as well as the national TV station. The Ministry of Foreign Affairs of Georgia has said that the attack was conducted by the Russian military with an intention to destabilise the government and other organisations and cause panic among the citizens. The UK and the USA supported the statement of the Georgian ministry by attributing cyber-attack to Unit 74455 of Russia’s military intelligence service also known as the GRU and qualifying the act as ’totally unacceptable’. The European Union has condemned the cyber-attack and called for collaboration and responsible behaviour in cyberspace. Russian officials have rejected the allegations saying that Russia has neither planned nor is it planning any kind of involvement in Georgia’s internal affairs.
The Croatian Institute for Youth Development & Innovation (IRIM), with the financial support of Google, is launching the project Digital Citizen 2.0, to improve and develop digital skills among local communities in Bosnia and Herzegovina, Croatia, Serbia, and Kosovo*. As part of the project, public libraries will be transformed into digital centres for innovation and development of digital skills; new educational material will be developed and made available in digital format, and the libraries will be equipped with new equipment. Digital Citizen 2.0 builds on a previous project which equipped over 170 schools with educational technologies, trained almost 400 librarians on how to teach digital skills, and organised over 1500 free workshops attended by more than 13 000 people.
On 27 February 2020, the Government of Serbia adopted the Strategy for the Development of Digital Skills in the Republic of Serbia for the period 2020-2024. The adopted strategy outlines goals and activities aimed at improving digital competences in the education system, improving basic and advanced digital skills among citizens (including vulnerable groups), fostering lifelong education for professionals in the digital sector, and preparing the workforce of the requirements of the labour market in the digital age. The State Secretary at the Ministry of Trade, Tourism and Telecommunications of Serbia, Ms Tatjana Matić, said that the strategy is an important step in overcoming the digital divide.
The Government of Ukraine and the European Union have concluded an agreement for a EUR 25 million programme dedicated to supporting e-governance and the digital economy in Ukraine. The funds will be allocated primarily to support progress in the areas of electronic inventories, data exchanges between public registries, electronic services, digital IDs, and security and data protection. According to Ukrainian Prime Minister Oleksiy Honcharuk, the government plans to digitalise 80% if the most demanded public services in 2020, and to complete the digitalisation of all public services by 2024.
The Government of North Macedonia and Mastercard have announced a partnership on the development and deployment of digital identity solutions and related services (e.g. digital document signing and verification). The envisioned digital solutions will provide citizens with an efficient and secure modality to prove their identity when accessing government and business services. The planned digital identity service is based on a distributed model that eliminates the need for a centralised identity database, and it builds on Mastercard’s user-centric approach outlined in a Principles of Digital Identity vision paper. The government indicated that the partnership with Mastercard does not mean that citizens and public authorities would be required to use Mastercard solutions exclusively; instead, similar services will be developed in cooperation with other service providers. Although both Mastercard and government officials have promised a safe and reliable digital ID solution, concerns have been raised with regard to potentially insufficient privacy and data security considerations.
The Russian Ministry of Communications has developed a draft law aimed at regulating the big data market. The proposed regulation introduces definitions for concepts such as big data, big data operator, and big data processing, and it gives Roscomnadzor, the Russian telecom regulator, the responsibility of supervising the big data market. To do this, the regulator would create a register of big data operators. The government would set the overall rights and obligations of big data operators active in the country. Several IT and telecom companies criticised the bill as being raw and ill-conceived. An industry group which includes Rostelecom, Yandex, Mail.ru Group, Megafon and Beeline said that the adoption of the new law would have a negative impact on the big data market and market players.
The Parliament of North Macedonia has adopted a law on personal data protection, which brings national legislation in this field in line with the EU General Data Protection Regulation. The law applies to wholly or partially automated personal data processing, if the controller or processor is established in the territory of the Republic of North Macedonia, and irrespective of whether the data is processed in the country or beyond its borders. Legal provisions are introduced on issues such as principles and lawful bases for data processing and data subject rights. The law also introduces a mechanism allowing the data protection authority to provide advice on draft laws or regulations concerning the processing of personal data. The existing Directorate for Personal Data Protection changes its status into an Agency for Personal Data Protection, to function as an autonomous, independent, and impartial authority.
The Romanian Constitutional Court has ruled as unconstitutional the Ordinance no. 62/2019 introducing the compulsory registration of prepaid SIM cards, including the storing for five years of users’ personal data such as name, address, personal identification number. The main declared aim of this legislation was to improve the operation of the 112 emergency number. The Court found that the government did not justify the urgent reasons and the extraordinary context to pass such legislation, thus, dismissing it on procedural grounds. Furthermore, considering that the government postponed the application of the SIM registration provision twice, the Court argued that the situation explicitly confirmed the ordinance’s lack of urgency.
The decision of the Court comes after the Romanian Ombudsman had signalled that the ordinance lacked urgency and that it was limiting the privacy and fundamental freedoms of users, without ensuring the proper guarantees to protect them, in line with European regulations.
According to the NetBlocks Internet observatory, access to Facebook, Twitter, Instagram, YouTube, and WhatsApp was blocked in Turkey on 27 February 2020 starting 23:00 local time. The restriction was initially imposed by national provider Turk Telecom, and other leading service providers followed shortly after. Reportedly, the restrictions were imposed in the context of the military operations in Syria, to avoid further spread of online disinformation related to the number of casualties. Access to social media was restored starting the afternoon of 28 February.
The Pechersk district court of Kyiv, Ukraine issued an order requiring Internet Service Providers to block access to 59 web resources, including websites of large bookmakers, online casinos, as well as some publications such as the Vgolos, Capital and other. The decision of the court, dated 27 January 2020 was announced on 11 February 2020 by the National Commission for the State Regulation of Communications and Informatization (NCCIR). According to the Commission, the order was motivated by intellectual property rights violations and the illegal provision of gambling services.
Organisers of the POINT 9.0 conference are inviting individuals who work at the intersection of activism, political accountability and new technologies in Southeast Europe to submit a proposal for a short (up to 15 min) presentation about their work in the field. Organisers are also offering travel and accommodation fellowships. The deadline for applications is 15 March.
The Cybercrime Programme Office of the Council of Europe (C-PROC) is inviting candidates to apply for a position of Project Assistant for programmes aimed at strengthening criminal justice capacities on cybercrime and electronic evidence. Applications must be submitted in English or French using the Council of Europe on-line application system. Detailed information about the position and requirements can be found in the call. The deadline for applications is 31 March 2020.
The SEEsummary is produced on a best effort basis, by our team of volunteer editors. Each month, the editors scan local and regional media, as well as websites of public institutions and other organisations, and compile what they find to be some of the most significant digital policy developments.
The SEEsummary does not claim to be a comprehensive source of information. Despite our efforts, we may miss some things happening across the region. To help us cover as many significant developments as possible, we invite you to share with us news from your countries.