The cyber security law is essential to the objective of making the national cyber security system operational and facilitating the adoption of a complex of measures correlated with the accelerated dynamic of cyber-attacks, according to a press release of the Romanian Intelligence Service (SRI) remitted to Agerpres.
‘In regards with some critics brought to the cyber security law, the SRI reiterates the constant concern for the complete observance of the legislative framework referring to the protection of human fundamental rights and freedoms and the permanent actions for protecting them. In this respect, we reiterate that the law, such as it was adopted in Parliament, doesn’t allow the state institutions’ access to data concerning the individuals’ private life, without the previous authorisation from a judge. From this stand, we find that the fears, the speculations and the accusations manifested in the public area are lacking any real ground,’ the release signed by SRI Spokesman Sorin Sava reveals.
He shows that, according to this law, only the cyber infrastructure owners (not natural entities holding IT&C equipment – computers, tablets, smartphones, etc) have the responsibility to put at the disposal of the authorities in charge, upon a motivated request, exclusively technical data, such as the indicators describing the activities carried out on the operation systems level (logs) concerning the threat (cyber-attack, security incident, etc) making the object of the request.
‘Subsequently, if the evaluation of the previously obtained technical data, limiting the investigation area, reveals the need to expand the investigation on some equipment involved in the cyber-attack, which can definitely be associated to some determined persons, the access to this equipment will be done only based on an authorisation issued by a judge,’ the release shows.
According to the SRI, the access of the authorities in charge to a certain IT equipment (computer, tablet, smartphone, etc), namely to the personal data saved on it, supposing the restriction of exercising some fundamental rights or freedoms, can exclusively be done based on an authorisation issued by a a judge.
‘In the same context, in report with the critics related to the absence from the text of the law of some additional guarantees concerning the observance of the human rights, we mention that the procedure of authorising the access of the authorities in charge to content or personal data is already regulated both in the criminal procedure code and in the national security law, recently modified in accordance with the highest standards in the area of human rights protection, and their repeated takeover in the text of several laws contradicts imperative norms of legislative technique,’ the release mentions.
In agreement with the commitments Romania assumed within the NATO and the EU, the SRI believes that ensuring cyber security must be a major concern of all involved actors both on an institutional level, where the responsibility of drawing up and enforcing a coherent security policy in the area is focused, and on the level of private entities, interested in protecting their own security, Sorin Sava added.
‘So far, in the context of a deficient legal framework in the cyber area, SRI, together with other relevant institutions in the area, has carried out significant human and material resource acquisitions, has developed a series of procedures, in accordance with the pace of the technologic evolution and of the new threats associated to it, has constantly consolidated information and operational capabilities allowing the efficient achievement of its mission at the international reference standards,’ the release also shows.
According to Sorin Sava, the gathered experience and the results obtained have led to SRI’s validation as an important pillar in the architecture of collective security, by the Service’s designation in the NATO Summit of Wales in 2014 as the Romanian state’s public authority in charge with managing and implementing the NATO Trust Fund project for Ukraine in the area of cyber defence.
Minister Grindeanu: A transparent debate on the “Big Brother” Law needed
In turn, Minister for the Information Society, Social Democrat Sorin Grindeanu, wants an as transparent as possible debate on the so-called ‘Big Brother’ law.
He considers that a highly balanced relationship must be kept between ensuring the citizens’ security and their individual rights and freedoms.
“I think a very just balance must be kept between ensuring the citizen’s right to security, because this is definitely a right of his the state is bound to ensure, and the citizen’s freedoms. Beyond all the overstatements we see in the media – not to mention that many aspects are in no connection with reality – there is an interministerial working group where almost all state institutions are being represented – be they governmental or of some other category, and which is working on a law package intended to set these requirements consistent with the decisions of the Constitutional Court,” Grindeanu told Agerpres.
According to him, the Constitutional Court of Romania has recently rejected several laws with such scope, and the role of the working group is precisely that of placing these laws in line with the decisions of the Constitutional Court.
As for the security of vital state institutions against cyber-attacks, Grindeanu stressed that one should bear in mind that these bodies are also tasked with safeguarding the rights and freedoms of the citizens.
“In my opinion, state institutions are those required to protect the citizen’s right to security. This can be achieved by certain levers – and here we speak again of this set of laws – but they must also take into account the citizens’ freedoms. Therefore, this balance must be extremely fine-tuned,” the Minister said.
Grindeanu also explained that when the working group reaches a common view, the law package “will be put up for public debate with the civil society, with the operators”. ”I insist that my version is that we go into Parliament with highly transparent debates, because this legislative package is required to meet both the citizens’ need for security, but also the citizen’s rights and freedoms as per the decisions of the Constitutional Court,” concluded the Minister for the Information Society.