Saturday, 23 June 2018

HN: Cyber defence bill vague, needs debate before passing

2 February 2017

Prague, Feb 1 (CTK) - A new Czech bill on cyber defence empowers the military intelligence to hack Internet operators' networks, which has met with rightful protests from the operators and some politicians now that parliament is about to discuss the bill, David Klimes writes in Hospodarske noviny (HN) on Wednesday.

As usual on the Czech scene, no one reacted when the cabinet approved the bill last October. The uproar broke out only now, aimed to prevent the bill's passing by the Chamber of Deputies, Klimes writes.

The bill's intention is undoubtedly correct. The country definitely needs to enhance cyber defence, also as a new dimension of the joint defence of NATO, Klimes writes.

However, the bill's shape is very poor. The new power of the Military Intelligence Service (VZ) is defined by a single sentence that binds operators to enable the VZ to connect "technical cyber defence means" to Internet networks, Klimes writes.

This formulation is too vague to adequately cover the VZ's planned sensitive operations, he writes.

As early as last November, HN highlighted the bill and warned that mobile operators feel apprehensions of it. They will have to let state hackers connect to their networks and then they can only pray for the hackers to apply solely passive means of data flow monitoring, Klimes writes.

The contents of Internet communication will remain untouched, and its use [in criminal proceedings] will still require a court's consent, like now, assert the authors of the bill, from the Defence Ministry, Klimes writes.

Nevertheless, the bill's wording definitely does not make it sure that the intelligence cannot read anyone's SMS message or invent its own counterattacks against hackers. If so, the operators logically fear for the stability of the network and its data, and they fear a possible revenge from hackers affected by a counterattack, Klimes writes.

This discrepancy has been noticed by several participants in ministries' recent debate on the bill, he continues.

The National Security Office (NBU), which is the main guarantor of cyber security in the Czech Republic, has sourly remarked that the bill "makes a strong impression of being of intelligence nature" and tackling cyber defence in "a declaratory way" only, Klimes writes.

The Defence Ministry has dismissed all doubts about the bill and continues to defend the vagueness of its provisions, he says.

The ministry's spokesman naively explained its approach to HN in November. "In view of the dynamic development in this area, it could happen that the law's provisions would quickly become outdated."

True, this is unpleasant, but it is usual in a law-abiding state that laws get outdated, Klimes writes with irony.

In spite of this, laws are needed, and they must be formulated as accurately as possible, in order to be enforceable by citizens, Klimes writes.

That is why the country needs a bill with more detailed provisions, which would exactly outline the rights and duties for the state hackers, he writes.

Like in the case of other laws, the cyber defence bill must laboriously secure an equilibrium between safety and freedom. It is simply impossible to give a blank cheque to the principle of safety and then only hope that it will be applied correctly, Klimes concludes.

Copyright 2015 by the Czech News Agency (ČTK). All rights reserved.
Copying, dissemination or other publication of this article or parts thereof without the prior written consent of ČTK is expressly forbidden. The Prague Daily Monitor is not responsible for its content.