Serbia: New Instructions and Law Regulations on Online Privacy · Global Voices
Danica Radovanovic

On July 21, RATEL, Serbia’s Republican Agency for Telecommunications, posted a Document of Instructions for Technical Requirements for Subsystems, Devices, Hardware and Installation of Internet Networks on their official web site. This news didn’t go unnoticed yesterday in Serbian blogosphere and internet community, as many bloggers expressed various opinions as well as disapproval because of the potential abuse of users’ privacy.
This document of instructions defines technical requirements for authorized monitoring of some specific telecommunications and provides a list of duties for telecommunication operators, which are obligated to act according to the Constitution Law of Republic of Serbia as well as elements of it.
According to element 55 (Law of Telecommunications), subpart 3, these Instructions were issued by RATEL in cooperation with public telecommunication operators and the governmental body responsible for immediate conduct of electronic monitoring.
This means implementation of massive tracking and archiving in all forms of electronic communications for the purposes of the national agency for the security.
Internet Service Providers (ISP) are obligated to enable governmental bodies to access updated databases with personal data on users, contracts, maximum speed of data transfer, identification addresses as well as access to database about email users. ISPs are also obligated to provide hardware and software for passive monitoring in real time, collecting and analysing Internet activities, statistics, interception of email, attachments, web mail, IP video traffic, phone traffic, interception of IM traffic, peer-to-peer networks, service of email and forwarding the email content towards the center of governmental bodies for supervision. Technical requirements (hardware and software) should enable reconstruction of traffic interception up to the level of application and filtering within these criteria: username, user phone number, email address, IP address, MAC address, IM identification.
All those technical requirements are active and they will be used if there is request or need of the governmental bodies or police to monitor in cases of serious security violation or crime act. This Instruction does not define the privacy of the data as violation of the citizens’ privacy (in telecommunication terms it is forbidden). The privacy is protected by the Law of Telecommunication, as well as by the Serbian Constitution.
Similar cyber laws and technical instructions already exist in other countries. Formally, at least, it's good to have such regulation on one side where privacy is protected – formally, but, on the other hand, I am wondering if the Republican Agency for Telecommunications in Serbia, national security and ISP will (or will not) violate and abuse privacy of citizens in the internet community in practice.
***
Here are some of the reactions in the Serbian blogosphere, as well as possible solutions for protecting your privacy on the Web.
Tamburix, in a blog post titled “Big brother is watching, monitoring and recording you” (SRP), contemplates the invasion of privacy and compares it to Big Brother:
The latest technical requirements of the Republican Agency for Telecommunications and installation of the equipment for internet networks in Serbia, brings elements of Big Brother where the state has permission to get and use all the information regarding our online presence.
Milan posts a link to the document, saying (SRP) that there is also some positive aspects in this document:
I don't know what to think about this. It can be a good thing… great thing, to finally put a law in action on Serbian Internet. On the other hand, the possibilities of misuse are there. If someone misuses it, then it's really bad. Censorship, espionage, call it whatever you want.
Rehash blog writes (SRP):
[…] I read a lot of negative comments on this document, with which I fully agree. I can't say that I didn't expect this to come at some point. Regulations in the USA, in some countries of the EU and the UK are restricting their citizens with similar practices. Will our protests solve this problem? I'm almost sure they won't. For quite some time, our citizens have been apathetic, and they'll tolerate whatever repression methods our pseudo-democratic government is using (in the first year of my studies, professors told me that democracy doesn't exist). […] Fine, lots of bloggers, geeks, or users of the Internet will write and protest for some time. After this, silence will come again. And what to do then?
Vesic Tehnology blog comments (SRP) on the new instructions:
Balkan Spy*, the RATEL/BIA way
It is almost impossible how some “agencies” (read: BIA and similar) through their puppet organizations (read: RATEL) try to put in use the most terrifying “technical” documents, which have only one purpose: to get complete control over your e-life.
Constitution? Law? Justice?
We'll get there probably when we make independent agencies from “independent” agencies, and when justice system and police start doing their job, and when politicians […] start thinking of “irrelevant” things, like the well-being of those who have put them where they are now.
You still think that the most important news is the Karadzic's arrest? Think again. He's one person, and we're getting here the whole Balkan spy over all of us.
*Author's note: there is a movie named “Balkan Spy”.
Jazzva, a computer science student, critically comments on this (SRP):
Maybe the instruction defines “random user” in order not to get in the situation where only data on some users is being kept. And the Constitution defines the access to that data, so someone can get them only by the warrant issued by the Court, or in the case of violated security of Republic of Serbia.
Personalmag blog writes (SRP) about Serbia as a country of Big Brother:
What was probably expected in the totalitarian regimes is happening to us today, paradoxically in the time of “democratic” and pro-European government.  RATEL, a government body for regulations of telecommunications, […] by issuing some technical document, innocently named “Technical requirements for subsystems, devices, hardware and installation of Internet networks” […] is bringing a totalitarian monitoring of all electronic communications by “responsible government body.
Two interesting comments on this post:
It is totally out of mind, and so expected. I knew something like this would happen, and that it would be put into use, as you said, on the small door. I'll start to crypt my thoughts, not just e-mails. This needs a reaction! It is intolerable and violation of basic human rights.
Another comment:
This is a catastrophe. The commenter who said it's the same as in Western countries – it is, but only when there is a court-issued warrant [to monitor]. Over there, the providers would be the first to react if they had to forward traffic and mails on their own expenses. And how do they think to get VoIP traffic, which is crypted, like Skype? Do they [responsible government body] expect from provider to decrypt it and provide it to them on a silver plate? We also need to protest to international organizations that protect freedom of speech and freedom of the Internet.
Sasa Bodiroza, a student of Computer Science at the University of Belgrade, writes on his blog:
Serbia’s Republic Agency for Telecommunications (RATEL), has passed a new law regulation  (text in Serbian) on Internet traffic interception and redirection. Basically, it allows Serbian government to read each and every bit of our communication, including HTTP, VoIP, e-mail and IM protocol. It’s not that I have something to hide; it’s just that it’s a serious violation of my privacy. And I don’t really like that.
Update: I think I overreacted a bit in my comment. This legal act is not supposed to talk about violation of privacy. Violation of privacy is forbidden by the Serbian Telecommunication Law, and the Serbian Constitution. The whole purpose of this legal act, as I see it, is to amend article 55. of Telecommunication Law.
And he further on suggests how to protect your privacy:
Since we can’t change the law immediately, the least we can do is to protect our privacy. We can use encryption methods to encrypt our communication. Here are few advices.
Aleksandar Urosevic finishes his blog post (SRP) in a humorous manner, using irony:
From Urke's cookbook: tomorrow, you too, my dear readers, will know which toilet paper I prefer, and which finger I use to pluck my nose. Why should the government be the only privileged to this crucial information about me, I know that “the people should know”!
***
A question to Global Voices readers: What are the regulations in your country and do you feel like being watched/monitored?