The State Service for Special Communication and Information Protection of Ukraine (SCIPU) has drafted the final version of the bill On Basic Provisions of Ensuring Cyber Security of Ukraine for yesterday’s meeting of the Cabinet of Ministers. Capital has a copy of the document that has been coordinated with the Ministry of the Internal Affairs, Ministry of Defense, Ministry of Economic Development, Ministry of Finance, the SBU and Ministry of Justice.
Any website at gunpoint
As it turned out, besides other things, several changes to the Law on Telecommunications need to be introduced for ensuring cyber security. As for the accompanying notes to the bill, the State Security Service of Ukraine (SBU) proposed to introduce the definition of content provider to the new law. This is an entity, which provides information and other services through the networks of operators and providers of communications. Head of the Internet Association of Ukraine Tetiana Popova says that any website may fall under this definition.
According to the changes that are being proposed to the Law on Telecommunications, content providers will have to register, just like telecommunications companies, in a specialized register and obtain licenses and permits, if required by law. In addition to that, content providers and communications operators will have to save and transfer to agencies ensuring cyber security (special subdivisions of authorized government bodies) information on identification of the providers of services and also the route through which the information on connection with the subscriber was sent.
The SCIPU took into account the requests of the SBU in the bill. Noteworthy, the Ministry of Justice also proposed to introduce the definition of the mechanism of blocking access to Internet resources, but the SCIPU did not reflect this proposal in the final version of the bill.
Popova believes that in this way the government is trying to gain control over Internet services in the country. President of Mirohost/Imena.ua Oleksandr Olshanskiy agrees. “Extrajudicial surveillance of people is not a good idea, of course if we do not rely on Russia’s experience. In the majority of other countries such methods are not used,” he emphasized.
The American way
The bill was drafted upon the instruction of the Cabinet of Ministers. The government was expected to approve it at yesterday’s session, though that did not happen. “Premier Arseniy Yatsenyuk argued that the law should be submitted by the new Cabinet,” informed Capital’s source in the SCIPU. He added that the government instructed to revise the bill following the American example and gave time for this until the end of the year.
Capital’s source suspects that the Kyiv office of the international organization ISACA (Information Systems Audit and Control Association) influenced this decision of the government. “At least they were talking about using the American concept as a basis since this past summer,” he said.
“We did not offer a separate concept. We provided SCIPU with a review of principles of ensuring cyber security in different countries,” ISACA President Oleksiy Yankovskiy assured. He said that the association was also in favor of the provision that information on users of Internet services should be provided only by court warrant as there are a number of international conventions that protect human rights in this sphere.
Olshanskiy also says that he had many questions regarding the document that the government drafted in the fight against Internet threats: “In my opinion, the officials are so far only trying to create a basis for abuse instead of fighting cyber threats.”