July & August 2020
Issue no. 40 of the SEEsummary, published on 3 September 2020, by SEEDIG. This issue covers Internet governance and digital policy developments that occurred in South Eastern Europe and the neighbouring area (SEE+) in July and August 2020. Also included: a list of upcoming events in September.
Country contributors to this issue: Katarina Gevorgyan, Ana Jovanović, Sarkhanbay Khuduyev, Mariam Tsiklauri. Editors: Maja Calovic, Grațiela Dumitrescu, Aleksandra Ivanković, Olga Kyryliuk, Neli Odishvili. Coordination and final editing: Olga Kyryliuk. Design : Charalampos Kyritsis.
In July, the Ministry of Transport, Infrastructure and Communication of Romania initiated a public debate on the draft law aimed at the establishment of a mechanism for prior authorisation of producers of technologies, equipment and software used in information and communication infrastructures of national interest, as well as in electronic communications networks used for the provision of 5G services. The introduction of an authorisation regime is expected to reduce risks to national security and defense. Under the draft law, the authorisation is granted by the decision of the Prime Minister upon the recommendation of the Supreme Council of National Defense (CSAT), within four months after submission of an application. Applicants must provide information regarding legal representatives, shareholders, parent company, as well as a declaration that they cumulatively fulfill the following eligibility criteria: the company is not controlled by a foreign government, does not have a history of unethical corporate behaviour, and is not subjected to an independent justice system in the home country. The technologies, equipment and software from unauthorised providers currently used in 5G networks could stay in use for a maximum of five years upon the adoption of the draft law. The draft law envisages fines for failure to comply with its requirements. The consultation process ended on 17 August.
From 9 to 12 August, authorities in Belarus severely restricted Internet access amid the controversial electoral process followed by large-scale protests. The disruption lasted for a total of 61 hours, leaving access only to 2G networks, permitting text messages, and voice calls. President Alexander Lukashenko, the National Centre for Response to Computer Incidents, and Beltelecom, the state Internet service provider, blamed foreign cyber-attacks for the disruption. But independent experts attributed it to government interference. According to nonpartisan connectivity tracking group NetBlocks, the authorities first resorted to deep packet inspection, which allows filtering web traffic and blocking access to specific sites, and then proceeded with a more comprehensive outage at the network layer, expanding even to virtual private networks. Since 12 August, Internet disruptions regularly repeated in the context of larger protests. The official registry of websites with restricted access can be accessed only by authorities and Internet service providers. In response to Internet disruptions, over 50 human rights organisations in Belarus signed an open letter addressed to three special rapporteurs of the Office of the United Nations High Commissioner for Human Rights requesting their interference.
In July, as a result of a joint operation, Romanian and Italian national police forces dismantled a criminal group that operated from Romania and Italy and targeted victims all over Europe. Criminals used cyber scams, such as rental fraud and CEO fraud, convincing victims to transfer money to Italian bank accounts of money mules that were part of the money-laundering scheme. The overall revenue of the organised criminal group was evaluated at EUR 20 million. Police in both countries conducted searches and seizure of assets for an estimated value of EUR 1.5 million. Four individuals were arrested in Romania. For this operation, Europol provided information and analytical support, verified operational information against its database, while Eurojust facilitated the coordination of the action and cooperation between judicial authori
Romania adopted amendments to national legislation on domestic violence and included under its scope cyber harassment. According to the law, cyber violence occurs when the perpetrator shames, humbles, scares, threatens, or silences the victim by using online threats or messages. Sending intimate graphic content without the receiver’s consent equally falls under the scope of the cyber harassment definition. The new law was adopted following a ruling against Romania by the European Court of Human Rights (ECHR) earlier this year. In the case, a woman claimed that her former husband accessed her Facebook profile and made copies of her private conversations and images. While the Romanian court dismissed her request to use the family computer as evidence, the ECHR stated that Romania failed to take into consideration the various forms that domestic violence can take. The new law tasks the National Agency for Equality of Opportunity between Women and Men with promoting research in the field of artificial intelligence in order to prevent risks of cybernetic violence. Some experts and activists are calling for broadening the scope of the law to include not only domestic violence but also cyber violence between strangers.
During the first six months of the year, 68 web resources under the .az country code suffered from numerous cyber-attacks in Azerbaijan. It is a 28 percent increase compared to the same period in 2019. It was reported that hacking became possible due to improperly encoded information on 37 resources, and unsatisfied security on servers of another 31 resources. Moreover, 12 web resources were hacked repeatedly after they failed to take the necessary measures to eliminate deficiencies after the initial attack. Experts also identified improper configuration of servers, with 77 percent of resources established on Linux, and 23 percent on Windows.
In July, North Macedonia suffered several cyber-attacks. The first two occurred during the election day on 15 July 2020, when the State Electoral Commission and the country’s most popular news aggregator Time.mk were disrupted with DDoS attacks. While the website of Time.mk was promptly recovered, the Commission’s website remained inactive for a few days, which contributed to the delay with publishing preliminary election results. The hacker group called AnonOpsMKD claimed responsibility for a cyber-attack directed against Time.mk but denied hitting the Electoral Commission. Later in July, the same hacker group attacked websites of the Health and Education ministries.
On 27 August 2020, the Government of the Russian Federation approved the federal project ‘Artificial Intelligence’ (AI) aimed at supporting scientific research; creating an end-to-end system of legal regulation, development and software design; increasing the availability and quality of data; increasing in the availability of hardware; and promoting knowledge among the population. The responsibilities under the project are divided between three key institutions. The Ministry of Economic Development is in charge of the AI ecosystem development. The Ministry of Telecom and Mass Communications coordinates the implementation and formation of data sets. The Ministry of Industry and Trade is taking care of the development of domestic hardware complexes and chips. The AI project is strongly focused on the development of AI research centres, trusted systems, computer vision, synthesis and speech recognition, as well as ethical aspects of the use of AI technologies. It also envisages support for software developers and targets to create an ecosystem of developers by, inter alia, providing grant support to small enterprises, creating open libraries, and carrying out a series of hackathons.
According to the recent United Nations E-Government Survey, all countries demonstrated an improvement under the E-Government Development Index (EGDI), which is used to measure the readiness and capacity of national institutions to use information and communication technologies to deliver public services. Europe remains the leader, with the highest proportion of countries in the very high EGDI group (58 percent). Countries from SEE+ region ranked as follows: Cyprus – 18th, very high; Slovenia – 23rd, very high; Russia – 36th, very high; Belarus – 40th, very high; Greece – 42nd, very high; Bulgaria – 44th, very high; Croatia – 51st, very high; Turkey – 53rd, very high; Romania – 55th, very high; Serbia – 58th, high; Albania – 59th, high; Georgia – 65th, high; Armenia – 68th, high; Azerbaijan – 70th, high; North Macedonia – 72nd, high; Montenegro – 75th, high; Moldova – 79th, high; and Bosnia and Herzegovina – 94th, high. Compared to the previous survey, Bulgaria, Croatia, Romania, and Turkey moved from the high to the very high EDRI group.
Following national stakeholder consultations conducted earlier this year, the EU4Digital initiative, which promotes digital economy and society in line with EU norms and practices, presented action plans and recommendations for national policy transformations in six Eastern Partnership countries. A specific policy area was identified for each country. In particular, for Armenia it is Intellectual property rights management for digital innovations; for Azerbaijan – New organisational forms in support of ICT Innovation; for Georgia and Ukraine – Digital innovation SMEs’ access to finance; for Moldova – ICT innovation ecosystems for start-ups and scale-ups; and for Belarus – Digitising industry (digital transformation of SMEs in traditional sectors). Prior to putting together action plans and recommending specific EU tools for their implementation, the Facility examined best EU practices and conducted gap analysis in each country. It also prepared a list of over 200 EU organisations with advanced practices of innovation policy implementation that could be considered as potential partners. The implementation of the action plans is expected to be funded from national and EU sources and run with the involvement of all interested stakeholders at the national level.
Rostelecom, Russia’s largest digital service provider, and Waves Enterprise, a company providing hybrid blockchain platform solutions, are working together on the development of an electronic voting system requested by the Central Electoral Commission. The system will be based on blockchain technology with a high level of information security. The system underwent testing in August and is planned to be used for the first time on 13 September for remote voting during the elections for the State Duma deputies representing Kursk and Yaroslavl regions. About 15 000 people already registered to vote electronically, and around 3 500 participated in the testing. Although the user tests were reported as promising, improvements are still needed regarding voters’ identification. Since the system uses homomorphic encryption, votes can be decrypted only after the voting is over.
According to digital skills assessments in EU member states released by Eurostat, the EU statistical office, Croatia has the highest share of individuals aged 16 to 24 with basic or above basic overall digital skills (97 percent). It is followed by Estonia, Lithuania, the Netherlands (93 percent each), and Greece (92 percent). By contrast, the lowest shares were observed in Romania (56 percent), Bulgaria (58 percent), Italy (65 percent), Hungary (68 percent), Latvia, and Luxembourg (75 percent each). Data was published on the World Youth Skills Day and showed that in 2019 in the EU four in five young people (80 percent) aged 16 to 24 had basic or above basic digital skills being the two highest levels of the overall digital skills indicator. The indicator itself is based on selected activities performed by individuals on the Internet in four specific areas, namely information, communication, problem-solving, and software.
Teach for Armenia, a non-governmental organisation promoting equality in education with a specific focus on rural areas, partnered with Armenian network operator Ucom for the Virtual Student Leadership Camp. Under the partnership, the operator provided 370 data cards for power devices used by students residing in 24 rural communities. The donation is aimed at helping students access the Internet and continue the learning process as education moves online due to the COVID-19 pandemic. The Virtual Student Leadership Camp lasted for three weeks and provided learning opportunities to hundreds of Teach for Armenia students who were trained to create innovative project proposals promoting local creativity, civic responsibility, and global connectivity within their communities.
The Ministry of High-Tech Industry of Armenia launched the Armenian Virtual Bridge project aimed at connecting the technological community of Armenia, the world’s leading technological centres and Armenian technological diaspora, as well as empowering local start-ups to build direct communication with the Silicon Valley. The project will introduce Armenian engineers to industrial markets, entrepreneurs, and investors from around the world. Participation in the project is expected to help Armenian companies understand the Silicon Valley culture, and learn approaches that turn ideas into opportunities. Under the project, a selected group of 45 entrepreneurs from Armenia will get an opportunity to visit Silicon Valley in 2020 to present their products and negotiate with potential investors to fund their projects. Soon, an Armenian centre is planned to be opened in Silicon Valley. Additionally to the educational elements, the Armenian Virtual Bridge will work on financing IT companies in Armenia through several instruments, including Armenia’s National Venture Fund. Apart from the Silicon Valley, the project envisages cooperation with the Gulf region.
A one-of-a-kind SEE Digital Rights Network was launched by two non-profits – Balkan Investigative Reporting Network and SHARE Foundation – and united 16 other organisations from South East Europe, namely from Albania, Bosnia and Herzegovina, Croatia, Greece, Kosovo*, Montenegro, North Macedonia, and Serbia. The network has a specific focus on the digital environment and digital rights. Its creation was accelerated by the COVID-19 pandemic revealing a lot of challenges and threats to digital rights. The network is aimed at improving the capacity of member organisations, making the Internet a safer place, protecting digital rights and freedoms, detecting and reporting hate speech, protecting personal data, preventing the implementation of intrusive surveillance systems, holding governments accountable for the use and abuse of technology and improving digital literacy. It also intends to work on strengthening democracy in the region and protecting individuals in the digital environment. Moreover, it can be used by member organisations and media as a platform for discussion and exchange of views in order to enhance the impact of their individual efforts directed towards legislative, political, and social changes.
On 2 July 2020, the Permanent Representative of Bosnia and Herzegovina to the Council of Europe, Ambassador Ivan Orlić signed the Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. The amending protocol, colloquially referred to as the Convention 108+, was adopted in May 2018 with the aim to better address emerging privacy challenges related to the use of new information and communication technologies and to strengthen the implementation of the Convention 108 adopted in 1981. Changes introduced in 2018 include new obligations of data controllers (e.g., guaranteeing the transparency of data processing and notifying of security breaches) and rights of data subjects (e.g., the right to know the reasoning behind the data processing, and the right not to be subject to a decision based solely on automated processing). Bosnia and Herzegovina became the 40th signatory of the Convention 108+.
The Parliament of Romania adopted a new law according to which the country will start issuing electronic ID cards in 2021. The ID cards will be issued at birth or at the request of the parents and can be valid for two, four, or ten years, depending on the age. ID cards are currently issued when an individual turns 14. Children aged up to 14 years can receive a regular or an electronic ID card valid for two years, while those aged between 14 and 18 will receive ID cards valid for four years. Those older than 18 will receive an ID card valid for ten years. The electronic ID card will include the individual’s name, gender, citizenship, date and place of birth, personal identification number, residence address, handwritten signature, and parents’ names. It will also include biometric data, such as the portrait photo and the scan of two fingerprints. Now, the government has to adopt norms to outline the implementation mechanism.
On 27 July, the Ministry of Health of Croatia introduced a COVID-19 tracing app allowing infected people to anonymously inform other app users about possible exposure to coronavirus. The application called ‘Stop COVID-19’ was created by APIS IT, one of the leading Croatian technology companies. The app is voluntary, uses temporary and anonymous data, and will be disabled once the pandemic is over. ‘Stop COVID-19’ can operate both on Android and Apple mobile phones, uses Bluetooth technology, and has inbuilt cross-border interoperability. Once the contact with the infected individual occurs, the user is notified by text of high, medium, or low risk based on predefined parameters. In Slovenia, the #OstaniZdrav (#StayHealthy) mobile app was presented by the Ministry of Public Administration in mid-August. The app is anonymous, has no tracking functionalities, and functions via Bluetooth. It informs about contact with other users who may be infected or were in contact with an infected person without being aware of it. The application does not reveal the location or the identity of the infected person, it only indicates that two persons actually met. The application’s functions may be disabled at any time or the application may be deleted itself. The person with a confirmed infection may voluntarily share this information with other users (by sharing a special ten-digit code that is entered in the application).
According to a recently published report Monitoring media pluralism in the digital era, EU member states, two candidate countries , and the UK demonstrate a general stagnation or deterioration of media pluralism and media freedom. The report assesses risk indicators in the areas of basic protection, market plurality, political independence, and social inclusiveness during 2018–2019. None of the analysed countries is totally free from risks to media pluralism. Eight SEE+ countries included in the report scored the worst in terms of the market plurality (high risk in almost every country). In three other areas, the risks vary from middle to high depending on the county. Albania scored medium risk under the basic protection of media pluralism and political independence, and a high risk under the market plurality and social inclusiveness criteria. In Bulgaria, high risks were detected in the areas of market plurality, political independence and social inclusiveness, while the basic protection area is at a medium risk level. Croatia was found as being of high risk for social inclusiveness and market plurality, and a medium risk for basic protection and political independence. Market plurality and social inclusiveness are at high risk in Cyprus, while basic protection and political independence are at medium risk. In Greece, a low risk for media pluralism is identified in the area of basic protection, and all the other areas have a medium risk score. Romania showed a high risk in all areas except the basic protection where it has a medium risk. Market plurality and political independence are areas that present a high risk for media pluralism in Slovenia, while basic protection and social inclusiveness are at medium risk. Turkey scored a high risk in all four areas of the Media Pluralism Monitor.
Facebook removed 35 accounts and 3 pages from its platform, as well as 88 Instagram accounts for their engagement in coordinated inauthentic behaviour, focused on the upcoming US elections. Fake accounts were managed from Romania, but posts and comments were published on behalf of Americans. While some pages were voicing support for President Trump and his election campaign, publications also reflected support for the campaign by African Americans, conservative ideology, Christian beliefs and Qanon. Some publications were a simple reposting of stories by American news networks and the Trump campaign. The reach of fake accounts and pages was not very high (1 600 accounts following Facebook pages and 7 200 people tracking Instagram accounts). The investigation failed to identify a clear motivation of the Romanian group – whether it was about money, ideology, or governmental directive.
Facebook imposed stricter transparency rules for political advertising in Georgia and Montenegro ahead of upcoming elections. According to new rules, everyone who wants to create or edit ads related to political parties, political figures, or elections targeting these two countries will have to undergo an authorisation process. Such ads will be then marked with the text ‘Paid for by’. In Facebook’s Ad Library, alongside political ads users will be able to see who ordered and paid for them, the associated costs, targeted geographic area, and age group.
On 29 July 2020, the Parliament of Turkey passed a law that gives authorities more controlling powers over social media. Under the new rules, international social media platforms are required to appoint a local representative in Turkey and promptly react to court orders on blocking or removal of content. Failure to comply with the law could lead to fines up to 30 million Turkish Lira (approx. EUR 3.4 million) and bandwidth reductions making social media networks too slow. On top of that, the law requires social media providers to store user data in Turkey. Authorities claim that such regulation is necessary for protecting social media users and combating cybercrime. On the other side, the opposition stressed that the law would lead to further deterioration of freedom of expression in the country. International organisations stated that the law would increase censorship and curtail human rights online.
In July, the Government of Georgia proposed several amendments to the Electronic Communication Act. Among the most disputable changes is the suggestion to extend the powers of the Georgian National Communications Commission – the regulatory body in the broadcasting and electronic fields. If the amendments are adopted, the Commission will be able to appoint its representative as a manager of organisations operating in the field in case they fail to pay fines or enforce decisions made by the Commission. The representatives are recommended to be appointed for a period of two years and be accountable only before the Commission. For the bill to pass it has to be supported by at least 76 out of 150 members of the Parliament, with the ruling party having 92 representatives. The opposition disapproves of the amendments claiming that they will likely interfere with the freedom of media in the context of the upcoming parliamentary elections. On top of that, nine telecom companies expressed their discontent with the legal initiative, called it contradictory to the Constitution, and complained about the lack of prior consultation. In its turn, the Communications Commission favours the legislative novelty and denies interfering with the freedom of media.
The SEEsummary is produced on a best effort basis, by our team of volunteer editors and contributors. Each month, the editors scan local and regional media, as well as websites of public institutions and other organisations, and compile what they find to be some of the most significant digital policy developments.
The SEEsummary does not claim to be a comprehensive source of information. Despite our efforts, we may miss some things happening across the region. To help us cover as many significant developments as possible, we invite you to share with us news from your countries.