Montenegro Court to Examine Publication of Self-Isolating Citizens’ Names

Montenegro’s Constitutional court had agreed to examine whether the government violated the human rights of citizens ordered to self-isolate during the coronavirus by publishing their names.

On Friday it said it would consider the appeal brought by the local NGO Civil Alliance against the decision to publish the names of people undergoing self-isolation, which the alliance said violated their constitutional right to privacy.

The court will examine whether the decisions of National Coordination Body for Infectious Diseases violated constitutional rights,” the court said. 

The government published the names on March 21, despite warnings from opposition parties and civic society organizations that it risked violating constitutionally guaranteed human rights.

The government said it had to publish the list because some citizen were not respecting self-isolation obligations. It also claimed it had the approval of the Agency for Personal Data Protection. It stressed that security forces could not control every citizen who should be in self-isolation, and anyone who failed to self-isolate posed a threat to the entire community.

Prime Minister Dusko Markovic said no compromises would be made with those who violated preventative measures amid the global COVID-19 pandemic. He also warned that the government would continue to publish the names of citizens who had been ordered to self-isolate.

“The lives of our citizens are the priority. We have estimated that the right to health and life is above the right to unconditional protection of personal data,” Markovic said.

Opposition parties and the civil society sector urged the government not to publish the lists, insisting it would violate the constitutional right to privacy. They also warned that citizens whose names were published might sue the state before the court.

The Head of the EU Delegation to Montenegro, Aivo Orav, called on the authorities to find the right balance between protecting the health and respecting the confidentiality of health information and the right to privacy of citizens.

On April 8, the Prosecutor’s Office filed criminal charges against a medical staffer in the Health Centre in the capital, Podgorica, after he published the list of names of infected people and their ID numbers on social networks.

It said that the man, known only by the initials M.R., was not unauthorized to collect and use personal information on COVID-19 patients through the IDO system and forward them via Viber to other persons.

Facebook-Partnered Croatian Fact-Checkers Face “Huge Amount of Hatred”

A leading Croatian fact-checking site, which has partnered with Facebook to weed out misinformation on the platform, says it is facing “a huge amount of hatred” for the work it does, work that the site says has increased dramatically since the onset of the COVID-19 pandemic.

Croatian politicians, websites and users of social media have all taken aim at Faktograf in recent months, accusing it of censorship.

A member of the International Fact-Checking Network, IFCN, since 2017 and the only Croatian media specialised in verifying the accuracy of claims made in public, Faktograf says anti-vaccination groups are particularly sensitive to the debunking of fake news.

Since the onset of COVID-19, “The amount of misinforming content circulating on the internet has drastically increased as people spend more time on the internet, looking for answers to questions that bother them and trying to understand the sudden changes they see in the world around them,” said Faktograf editor-in-chief Petar Vidov.

“It’s mentally stressful to watch all day long how many people spread such misinformation, how fast such things are spreading, and then after all that, you get… a huge amount of hatred, threats, directed against Faktograf because of the work we do.”

“More or less, it is going well, but the problem is that there is that certain number of people you will never reach because they are simply grounded in their own beliefs for a long time, they reject argumented dialogue,” Vidov told BIRN in an interview.

So-called ‘anti-vaxxers’ perceive the debunking of fake news “as a threat to their agenda,” he said.

Falsely accused of ‘spying’ and deleting content


Illustration. Photo: EPA-EFE/LUONG THAI LINH.

Founded in 2015 by the Croatian Journalists’ Association and democracy advocates GONG, Faktograf last year became one of more than 20 organisations in 14 European Union countries partnering with Facebook in reviewing and rating the accuracy of articles posted on the social networking giant.

Social media users, online platforms and websites in Croatia say Faktograf is effectively censoring their opinions, a claim Vidov said was the result of a “misunderstanding of Facebook’s partnership with independent fact-checkers.”

“We do our job, we are debunking those inaccurate claims that spread in the public space and therefore we have our editorial policy, we determine what we will do,” he told BIRN.

“We prioritise things that endanger human health and that reach a large number of people.”

“Under the terms of that partnership, after we check some content and mark it as inaccurate, partially inaccurate or misinforming in some other way, for example through a fake headline, Facebook should reduce the reach of such content.”

Vidov stressed, however, that Faktograf had nothing to do with Facebook’s own removal of a wave of inaccurate content since the outbreak of the novel coronavirus at the start of the year.

“Faktograf has nothing to do with these removals, we are not working to remove that content, nor do we know which content is being removed.”

“However, people have developed this assumption that it is Faktograf that spies on their profiles and deletes their content from it.” Such assumptions are fuelling “unfounded” hostility towards Faktograf, he said.

Anti-vaxxers promoting conspiracy theories


A graffiti in Croatia’s capital that reads “Stop 5G”. Photo: BIRN. 

That has not stopped the likes of 34-year-old Croatian MP Ivan Pernar, who opposes vaccination, from taking to Facebook and YouTube on April 26 to criticise Faktograf, saying the site “determines what is true and censors those who think differently.”

In May, there were a number of small protests in Croatia calling for the suspension of all measures taken by the government to tackle the spread of COVID-19, to halt “violations of free speech” and a halt to the installation of a 5G wireless network “until it is proven not harmful.”

5G has become the focus of a widely-shared conspiracy theory linking the technology to the spread of the coronavirus. Faktograf has written extensively about the conspiracy theory and on Sunday, when another small protest was held in Zagreb against 5G one of those present held a banner describing those working for the site as “mercenaries.”

“At the very beginning of the pandemic, there was a lot of information about fake drugs [for coronavirus], theories about how you can test yourself for coronavirus and so on – misinformation that spread primarily out of ignorance, out of the people’s need to get some orientation in all this,” Vidov said.

“But very quickly, conspiracy theories have taken over the story.”

“What we now mostly see is misinformation directed against vaccines,” he said, describing the anti-vaxxer movement in Croatia and the Balkan region as “quite strong”.

“They took over the narrative about the virus and managed to form it in the direction of a big conspiracy of global elites who want to chip the entire population to be controlled, and will do so through a vaccine against coronavirus.”

Fact-checkers playing catch-up


Illustration. Photo: EPA-EFE/HARISH TYAGI.

Vidov, who previously worked at online news site Index.hr, said those who spread misinformation are usually motivated by money.

“People simply make money from it because they generate traffic which they then monetize through advertising services like Google Ad Sense and the like,” he said. They themselves are rarely the originators of such narratives, but simply pick them up “most often from propagandists trying to achieve something.”

“The problem is that this misinformation, no matter how it is created… enters the system in which there are a large number of people who want to make money on this type of content and then they expand it and actually increase the reach of that damage, of that propaganda.”

Those who end up believing the misinformation are not “actors” but “victims” in the process, he said.

“Our education systems have not educated people well enough to be consumers and readers of media content, which is why we have a problem with the fact that unfortunately, a large number of people are not able to spot the difference between a credible and a non-credible source of information”.

The low level of public trust in domestic as well as international bodies is another major factor, Vidov argued.

Fact-checkers, he said, have a tough task in front of them.

“It is frustrating that it takes a lot more time to debunk inaccurate information than it takes to place any misinformation, no matter how stupid and unconvincing it may be.”

Hackers Expose Gaping Holes in North Macedonia’s IT Systems

North Macedonia’s officials are trying to persuade the country that after hackers recently leaked dozens of email addresses and passwords from staffers in public institutions, the situation is under control.

But, as they did so, some of the key pages of Skopje’s main local government’s website could not be reached since Thursday – in what looked like yet another serious breach of cyber-security.

Some pages on Skopje city’s official website, including the one about taxes, are currently marked not secure for use due to an “expired security certificate” – which experts said could lead to another breach of data privacy.

Web browsers such as Mozila and Google Chrome blocked access to some of the pages on the skopje.gov.mk website, meaning that the system could either be vulnerable to a hacker attack, or that the website’s users could be vulnerable to a “man-in-the-middle attack”, or MITM.

This is when attackers secretly alter communications between two sides and steal key information, such as passwords, messages or credit card numbers.

The latest security breach came after a Greek hacking group, called “Powerful Greek Army” leaked dozens of email addresses and passwords from staffers in the North Macedonia’s Ministry of Economy and Finance, as well as from the municipality of Strumica – and bragged about their exploits on Twitter on May 10.

When and how the hackers got into these systems is still unclear, but both the North Macedonia’s Interior Ministry in charge of cyber-crime and the Greek authorities promised a swift joint investigation.

Recently, the Powerful Greek Army hacker group also took down the website of the Institute for Sociological, Political and Juridical Research at the country’s main Sts Cyril and Methodius University in Skopje.

Over the past few years, the government has promised to take action following a series of sophisticated and coordinated IT security breaches and hacker attacks on websites containing citizens’ data.

But some consider the country’s current response to cyber threats far too weak.

Speaking about the latest May 10 attack, the authorities shrugged off the threat, insisting that the hacked email accounts could not be accessed with the leaked passwords or with any other data sets. The data obtained by the hackers was more than seven years old, dating from 2013, they added.

“We have no evidence that the current email systems of those institutions have been hacked lately, and we are investigating all the details related to this case,” the government said in an upbeat statement.

It added that official email systems had been updated since 2013, and that protocols with complex passwords for official email addresses have been set, as well as other cybersecurity protocols in the systems that should reduce the risk of systems being compromised.

However, experts warn that although some steps have been taken, they are far from meeting the criteria that are needed. They say the latest incident should be seen as a warning about the kind of cybersecurity practices now being used in the country.

Experts say too many old operating systems are still being used, leaving state institutions vulnerable to hackers attacks, while staffers in these institutions lack proper training on security protocols.

A study in 2018 by the Ponemon Institute, which conducts independent research into data protection, looking at the cost of data breaches, said an average public-sector data breach could cost up to 2 million euros.

Government data breaches are meanwhile two-and-a-half times more likely to remain undetected for a year or more than those in the private sector, said a report by The Daily Swig, which focuses on bugs, viruses and data security issues.

In 2018, the then North Macedonia’s government adopted a national strategy and an action plan on cyber-security, but little has been done since.

In recent years, there have been other examples of poor protection of state institutions. Last year, a former member of parliament was arrested for hacking into the Central Registry.

In 2015, the Ministry of Information Society and Administration and the State Prosecution Office were among several institutions targeted by a hacker group, believed to have ties with jihadist groups in the Middle East.

Outdated operating systems are big concern


Photo: Screenshot

One of the major problems for North Macedonia’s IT systems is that most of the operating systems are outdated, and so are more vulnerable to attacks.

“The security of IT systems in the country most often does not meet the necessary standards,” Milan Popov, a Skopje-based cyber-security engineer with years of experience of IT security in the public sector, told BIRN.

“Old operating systems are still being used, websites often do not use security certificates, and weak passwords are used to log into systems,” he added.

“For example, many state institutions are still using the Windows XP system, known for its security vulnerabilities. All this leads to a great danger of compromising systems and potentially extracting sensitive data from users,” Popov continued.

The government adopted a national strategy and an action plan for cyber-security for the period of 2018-2022 in July 2018. The strategy aimed to define the critical infrastructure, and the role of each institution regarding cybersecurity efforts as a whole.

In 2019, it also formed a National Council for Cyber-security, comprising the ministers of Interior, Defence and Information Society. Although it was two years in the making, the council has held only one meeting so far, in January this year, when it held a constitutive session.

Regarding its goals, the council has stated that it will aim to implement the recommendations and cybersecurity practices of fellow NATO-member countries.

Strong and resilient cyber-defences are part of NATO’s core tasks of collective defence, crisis management and cooperative security.

One of NATO’s main objectives is strengthening its members’ capabilities in cyber-education, training and exercises. Member countries are also committed to enhancing information-sharing and mutual assistance in preventing, mitigating and recovering from cyber attacks.

According to the government budget for 2020, the country is investing just over 6 million euros in institutional IT support, from a projected budget of 71.6 million euros. The same amount was spent on IT support in 2019.

Staff need more education in IT security


Illustration. Photo: Unsplash

The email list published by the Powerful Greek Army hackers was concerning also as the employees of the Ministry of Economy and Finance might have used the same passwords for other accounts.

The attack aimed to reveal just how weak the system’s IT protection was. The hackers also promised a return visit. On their Twitter profile they wrote that they would “not stop attacking Skopje”.

The leaked lists contained examples of worryingly weak passwords. According to cyber-security experts, this alone was a cause of concern when it comes to the security of the administrative systems and the data of employees.

“Some of the security concerns here include passwords leaks, plaintext passwords, passwords that contain a part of the last name, are only in letters or only in numbers, are shorter than eight characters, and are without special characters,” Martin Spasovski, a Skopje-based software engineer, told BIRN.

Some of the methods that hackers use to steal passwords are phishing, password spraying, or keylogging. When it comes to passwords, he said users should always pay attention to password strength. In most cases, a strong password policy can make a difference in preventing such attacks.

To prevent more such incidents, state institutions have to educate IT staff more about the various challenges that hacking threats pose, experts note. “Protection requires a serious investment of hardware and software, but the most crucial need is to educate the IT staff on how to use all of this,” Popov emphasized.

“It’s also extremely important to educate non-IT staff on how to recognize various hazards such as social engineering, malicious websites, or working with sensitive data.”

A study conducted by international cybersecurity scholars in 2018 reached similar conclusions about the importance of training.

“Within public institutions, training in cybersecurity issues both for IT staff and general staff is very limited, and it is often at the discretion of management whether a member of staff is permitted to attend a general cybersecurity training or certification course,” it noted.

The Defence Ministry, one of the main components of the cyber-security critical infrastructure, says it regularly conducts cyber-security training for its employees.

“During 2019, 10 trainings on raising cyber-security awareness were conducted, in which 152 ministry employees participated. The Army also conducted training that covered over 1,200 members,” the Defence Ministry told BIRN in a statement.

For 2020, the Defence Ministry planned to conduct training for 150 employees that was supposed to start in April, but had to delay them because of the pandemic measures.

“Securing the cyberspace, being of utmost importance to all organizations involved in the digital world in any aspect, is the main focus of the Cybersecurity Specialist Academic Track – part of the Computer Networks Academy at SEDC”, Toni Todorov, senior DevOps engineer with SEDC, one of the country’s biggest computer education centres, told BIRN.

“Governments across Europe are heavily investing (and will invest even more) time and resources in raising awareness and remediating the threat to the security of their citizens, especially the digital kind,” Todorov added.

Turkish Police Hunt Musical Minaret Hackers

In last two days, unknown persons in Turkey have hacked mosques’ digital audio systems in the coastal city of Izmir and played the anti-fascist song Ciao Bella and other songs with revolutionary messages.

After videos of the stunt were widely shared, Izmir police announced that they had started an investigation on Thursday and detained several people for insulting religion.

The detainees included Banu Ozdemir a former city official of main opposition Republican People’s Party, CHP.

The Turkish Religious Authority, the Diyanet, announced that it had filed a criminal complaint about the hacking.

“These people are unknown and evil-minded. They insulted our sacred religious values in the holy month of Ramadan. We have filed a criminal complaint at the city prosecutor’s office,” the chief cleric in Izmir, Mufti Sukru Balkan, said on Thursday.

The Diyanet had to suspend all calls to prayers, known as adhans, in Izmir because of the attacks until further notice.

The digital attacks and the playing of songs from minarets angered local politicians.

“We condemn these attacks on our mosques. Whoever has a problem with mosques also has problems with the nation,” Omer Celik, the spokesperson of the ruling Justice and Development Party, said on Thursday.

Tunc Soyer, the Mayor of Izmir, from the CHP, also called the incidents provocative. “The incidents made me and the people of Izmir very sad. This is a provocative and villainous act to set us against each other. We should not fall into this trap,” Soyer told the media.

Several Turkish media outlets said the attacks were likely organised by a Marxist hacker group known as Redhack.

Redhack previously hacked several Turkish government websites, including the Ankara city police department and the Turkish parliament. The group also hacked the email account of Berat Albayrak, the Finance Minister and son-in-law of President Recep Tayyip Erdogan.

Taylan Kulacoglu, an alleged member of Redhack, was arrested on May 20 after he led a group called “Movement of the Unnamed” on social media platforms that said it intended to “stop the manipulation and disinformation spread by pro-government social media trolls”.

President Erdogan’s Islamist government had close links to the mosques, which have backed the government’s policies during the COVID-19 pandemic.

The Aegean seaport of Izmir is an industrial, touristic and agricultural centre on the coast and is a stronghold of the main opposition CHP.

How Editors and Journalists Can Use Hostwriter Tool to Collaborate

Meanwhile, newsrooms are far less able to send reporters abroad for research and coverage, even at a time when the importance of cross-border reporting is at an all-time high.

With this dynamic in mind, Hostwriter has launched a new tool, COVID-19 Collaboration Wire. With support from nextMedia.Hamburg and in partnership with the European Journalism Centre, this tool aims to help editors easily commission journalists across borders. Read on to see how both journalists and editors can take advantage of this new feature.

How editors can use COVID-19 collaboration wire

To use COVID-19 Collaboration Wire, editors and news publishers do not need to join Hostwriter. (Although, of course, they are very welcome to do so!)

To find journalists to commission, editors can access editors.hostwriter.org and fill out the form on that page. They will need to indicate what kind of reporting or research they are looking for, in what country (if applicable) and how much they will pay for the commissioned work.

After they submit, they will get confirmation that their request was received. Within the next few days, they will receive contact from Hostwriter containing the top pitches for their request and the contact information for the vetted journalists. After Hostwriter’s “match-making” role is complete, the editors and journalists can take it from there.

How journalists can find commissions from COVID-19 collaboration wire

To find calls for pitches submitted through the COVID-19 Collaboration Wire, Hostwriter members need only sign into their Hostwriter.org account and go to our HostWIRE chatroom. There, calls for pitches will be posted with all necessary information about how to apply. After logging in to Hostwriter, click on “Collaboration”, then click on the board “Calls for Pitches”. Posts from the COVID-19 Collaboration Wire will contain #CovidWire in the subject line.

Not a Hostwriter member? It’s easy and free to join our network of 5,000+ journalists in 154 countries and gain access to HostWIRE, our journalism chatroom. Every day, they post new grants and fellowships, job opportunities, calls for pitches and more. In addition, you can use the board to get advice and find co-authors to work with. To register, click here: bitly.com/JoinHostwriter

Both Editors and Journalists can reach out to Hostwriter with any questions about how to use the COVID-19 Collaboration Wire. Simply write to wire@hostwriter.org.

This article was initially published at www.hostwriter.org.

Question Marks over Slovak Quarantine App Fuel Privacy Concern

A lack of detail on a new smartphone app designed to help authorities in Slovakia track people in home quarantine is raising doubts about its compliance with data privacy rules and fuelling conspiracy theories.

With 28 confirmed deaths to date, Slovakia tops the chart of European countries with the lowest number of COVID-19 victims per capita, a source of pride for politicians and healthcare workers.

But the country is also one of the last in Central and Eastern Europe to introduce any kind of digital technology to help tackle the pandemic.

Last week, parliament passed a bill introducing an app to keep tabs on those in quarantine at home, after the country’s Constitutional Court halted development of a contact-tracing app that had triggered concern over the need for the mass collection of data.

The quarantine app was due to go live on May 18, but authorities postponed the launch saying more testing was needed.

Created by the Slovak IT firm Sygic, the app avoids the need for any mass collection of data, but a lack of detailed information, particularly regarding how the data will be stored and who will have access to it, has many Slovaks worried.

Data rights activists say that, while the government must do what it can to save lives, it must also be transparent in order to earn the trust of the people.

“We understand that this difficult time calls for quick and maybe non-traditional solutions, but we can’t forget the [need for] clear communication, which would dispel concerns about a possible abuse of private data,” said Andrea Cox, director of Digital Intelligence, which works to promote the protection of digital rights in Slovakia.

Last week, Slovak parliament passed a bill introducing an app to keep tabs on those in quarantine at home, after the country’s Constitutional Court halted development of a contact-tracing app that had triggered concern over the need for the mass collection of data. Photo: EPA-EFE/JUSTIN LANE

Constitution vs. public health

For the past two months, Slovaks returning to the country have had to go into state-run quarantine facilities where they are tested for the novel coronavirus and, if negative, allowed home.

But Slovakia’s government, led by Igor Matovic and his anti-establishment OLANO party, has faced widespread criticism over conditions at the facilities.

The government now says the new, voluntary app – based on face biometrics and movement data – will allow people to self-isolate at home if they would rather not enter a state-run facility.

The data will be monitored by the Slovak Public Health authority, which, under the new law, must destroy a person’s data as soon as the required quarantine period is over.

It is still not known, however, where the data that is collected will be stored and who will have access to it.

Introduction of the app follows a Constitutional Court ruling last week that suspended telecommunications legislation adopted in April and that cleared the way for the mass collection of data from smartphones, effectively slamming the brakes on development of a contact-tracing app. Judges ruled that the Telecommunications Act was not specific enough and left unclear how private data would be handled.

It lacked, they said, “necessary guarantees against the misuse of the processed private information” and means of independent oversight.

Matovic said he was confident the new home-quarantine technology would pass muster.

“I think the constitutional court decision cannot prevent us from making the quarantine stay more comfortable for people,” he told a press conference on May 14.

But data privacy advocates are unconvinced.

“It is unacceptable for apps that could affect the everyday life of Slovak citizens to not be communicated properly,” said Eliska Pirkova, Europe Policy Analyst at Access Now, an international data rights advocacy group, during an online discussion on May 15 about the erosion of data rights during the COVID-19 crisis in Slovakia.

“We all know that technologies have the power to discriminate and breach not just the right to privacy, but other rights too. This is what I see as a problem in Slovakia.”

Technology and public trust

Poor communication has created a vacuum in Slovakia filled by misinformation and conspiracy theories about a potential COVID-19 vaccine, the origin of the coronavirus and the threats to privacy proposed by new technology.

Marian Kotleba, leader of the neo-fascist People’s Party Our Slovakia, LSNS, that won eight per cent of votes in Slovakia’s February general election, has shared conspiracies about microchips being implanted into people against their will, while former Prime Minister Robert Fico, leader of SMER-SD, has accused Matovic’s government of planning to spy on people via their phone data.

According to survey conducted by the Slovak Academy of Sciences, a large majority of voters for both parties believe the coronavirus was created in a lab and deliberately disseminated, while just 40 per cent of Slovaks say they would get vaccinated against COVID-19 once a vaccine becomes available.

“Insufficient communication creates space for those who shout the loudest, although they often talk rubbish, from the absurdities about microchips and manipulations to the 5G networks,” Cox told the May 15 online discussion, referring to a conspiracy theory that 5G mobile technology helps spread the virus.

“We want to believe,” she said, “that in designing the latest technological solutions, the officials have kept in mind questions like digital exclusion or discrimination caused by the lack of internet access, or social oversight.”

Need for vigilance

As countries emerge from lockdown, the development of smartphone apps to combat the spread of COVID-19 is being watched with mounting concern by human rights organisations concerned at their potential for abuse.

“Some restrictions on people’s rights may be justifiable during a public health emergency, but people are being asked to sacrifice their privacy and turn over personal data for use by untested technologies,” Deborah Brown, senior digital rights researcher at Human Rights Watch, said last week.

“Containing the pandemic and reopening society are essential goals, but we can do this without pervasive surveillance.”

Erik Lastic, head of the political science department at the Comenius University in Bratislava, said the pandemic had only further underlined the failure of the Slovak state to keep pace with technology. For years, corruption and incompetence have stymied efforts to create an effective digital public administration system. 

“The last decade, at the least, has shown that the state is failing in the development of any information systems,” said Lastic, also taking part in the online discussion. “It would be very unrealistic to expect that the pandemic can suddenly change that.”

Lastic said it was “good” that legislation introduced to combat COVID-19 was limited to the end of 2020, but that the experience of some countries, particularly in sidestepping legal restraints in the fight against terrorism since the 9/11 attacks on the United States, showed the need for vigilance.

“It would be naïve to trust that the state would limit itself and that it wouldn’t use tools that had worked well for it once,” he said.

Hiljade.kamera.rs: Community Strikes Back Against Mass Surveillance

Serbian citizens have launched the website hiljade.kamera.rs as a response to the deployment of state-of-the-art facial recognition surveillance technology in the streets of Belgrade. Information regarding these new cameras has been shrouded in secrecy, as the public was kept in the dark on all the most important aspects of this state-lead project.

War, especially in the past hundred years, has propelled the development of exceptional technology. After the Great War came the radio, decades after the Second World War brought us McLuhan’s “global village” and Moore’s law on historic trends. Warfare itself has changed too – from muddy trenches and mustard gas to drone strikes and malware. Some countries, more than others, have frequently been used as testing grounds for different kinds of battle.

Well into the 21st century, Serbia still does not have a strong privacy culture, which has been left in the shadows of past regimes and widespread surveillance. Even today, direct police and security agencies’ access to communications metadata stored by mobile and internet operators makes mass surveillance possible. 

As appearances matter most, control over the flow of information is a key component of power in the age of populism. We have recently seen various developments in this context – Twitter shutting down around 8,500 troll accounts pumping out support for the ruling Serbian Progressive Party and its leader and the country’s President Aleksandar Vucic. These trolls are also frequently used to attack political opponents and journalists, exposing the shady dealings of high ranking public officials. Reporters Without Borders and Freedom House have noted a deterioration in press freedom and democracy in the Balkan country.

However, a new threat to human rights and freedoms in Serbia has emerged. In early 2019, the Minister of Interior and the Police Director announced that Belgrade will receive “a thousand” smart surveillance cameras with face and license plate recognition capabilities, supplied by the Chinese tech giant – Huawei. Both the government in Serbia and China have been working on “technical and economic cooperation” since 2009, when they signed their first bilateral agreement. Several years later, a strategic partnership forged between Serbia’s Ministry of Interior and Huawei, paving the way to the implementation of the project “Safe Society in Serbia”. Over the past several months, new cameras have been widely installed throughout Belgrade.  

This highly intrusive system has raised questions among citizens and human rights organisations, who have pointed to Serbia’s interesting history with surveillance cameras. Sometimes these devices have conveniently worked and their footage is somehow leaked to the public, and in some cases, they have not worked or recordings of key situations have gone missing, just as conveniently. Even though the Ministry was obliged by law to conduct a Data Protection Impact Assessment (DPIA) of the new smart surveillance system, it failed to fulfil the legal requirements, as warned by civil society organisations and the Commissioner for Personal Data Protection

The use of such technology to constantly surveil the movements of all citizens, who are now at risk of suddenly becoming potential criminals, has run counter to the fundamental principles of necessity and proportionality, as required by domestic and international data protection standards. In such circumstances, when there was no public debate whatsoever nor transparency, the only remaining option is a social response, as reflected in the newly launched website. 

“Hiljade kamera” (“Thousands of Cameras”) is a platform started by a community of individuals and organisations who advocate for the responsible use of surveillance technology. Their goals are citizen-led transparency and to hold officials accountable for their actions, by mapping cameras and speaking out about this topic to the public. The community has recently started tweeting out photos of cameras in Belgrade alongside the hashtag #hiljadekamera and encouraged others to do so as well.

The Interior Ministry has yet to publish a reworked and compliant Data Protection Impact Assessment (DPIA) but the installation of cameras continues under sketchy legal circumstances.

Bojan Perkov is a researcher at SHARE Foundation. 


Croatia Accused of Slurring Watchdogs in Police Violence Dispute

Human rights organisations have accused the Croatian Ministry of Interior of resorting to slurs, after it rejected media reports of police tagging migrants and refugees who attempted to enter Croatia from Bosnia with paint.

“As a diversion tactic, the crudely written response by the MUP [Interior Ministry] simply used slurs and unfounded allegations against the reporting organisations and journalists,” two watchdog organisations, No Name Kitchen, NNK, and Border Violence Monitoring Network, BVMN, said on Thursday in a joint press release.

“Instead of dealing with these grave allegations and initiating an investigation, the Croatian MUP has fallen back on its traditional stance of denying all existence of violent removals from its territory and ignoring the photographic evidence and witness accounts,” they said.

The latest report by the BVMN and NNK said EU border countries like Croatia were continuing their established practice of conducting illegal “pushbacks” of migrants and refugees trying to enter from Bosnia and Serbia – with the additional use of paint.

“A relatively new development in pushback practices is the tagging of groups with orange spray paint,” BVMN said, referring to two events at the beginning of May, when migrant groups attempted to enter Croatia from Bosnia.

After the case was reported in the international media, including the UK Guardian, Croatia denied the allegations on Wednesday, stating that the BWMN “regularly publishes accusations against the Croatian police and the Republic of Croatia, as well as all other countries on the Balkan migrant route”.

“The fabrication that migrants are marked [with a spray] in the sign of the cross because of their faith demonstrates the authors’ ignorance and a premeditated attack against Croatia without any knowledge of the basic facts,” the Interior Ministry said, adding that it had “immediately conducted an urgent investigation with the help of our police administrations”.

“It has been established that along the border with Bosnia and Herzegovina which has been indicated, the Croatian Police did not conduct any [such] activities towards migrants,” the ministry said.

The watchdog organisations meanwhile concluded that they will “continue to carry out their work as independent monitors, tracking and reporting on the unfolding situation at EU external borders”.

Hungarian Police Accused of Abusing Powers to Arrest Critics

Police in Hungary on Wednesday at 6am detained an opposition politician, János Csóka-Szűcs, in Gyula, a small town in Békés County, the media outlet Magyar Narancs reported.

Csóka-Szűcs is the local leader of an opposition movement called the Kossuth Circle and a supporting member of the Momentum party.

Police raided his home and seized his mobile phone and computer, and he was detained and interrogated at the local police station.

Csóka-Szűcs was told that he was being questioned because of a Facebook post from April 20 that he published in a local group “Uncensored chatroom of Gyula,” which was suspected of fear-mongering.

He may face charges under a recent amendment to the criminal law that introduced punishments of one to five years in jail for spreading “falsehoods” or “distorted truth” deemed to obstruct the efforts to combat the pandemic.

This amendment was the part of the controversial Coronavirus Bill, which critics said gave almost “dictatorial” powers to the Prime Minister, Viktor Orbán.

In response to the arrest, the opposition Democratic Coalition said it was organising an “online demonstration”.

Katalin Cseh, an MEP from the Momentum movement, asked people on Twitter https://twitter.com/katka_cseh/status/1260528932392259587 to share the story of Csóka-Szűcs. She accused the police of abusing the law to detain critics of the Orbán-led government.

On April 20, when anti-government demonstrations were held in Budapest, and in the town of Gyula, Csóka-Szűcs shared a call for the demonstration, adding that “1,170 beds were emptied in Gyula as well” to deal with the pandemic.

His post referred to the country-wide anti-pandemic measure during which 60 per cent of all hospital beds were freed up to deal with COVID-19 patients.

In fact, in the local hospital, about 1,200 beds had been duly freed up. But, with this sentence, Csóka-Szűcs had allegedly “obstructed efforts to combat the pandemic”.

Csóka-Szűcs spent four hours in detention at the police station and had to walk home; police did not take him home despite the fact that he is disabled.

This was the second arrest in Hungary for fear-mongering in two days. On Tuesday, a 64-year-old man was detained by police near Szerencs in Borsod county.

He was questioned over a Facebook post he published on 28 April in which he had criticized the government’s anti-pandemic measures, claiming it had deliberately lifted the curfew restrictions at the peak of the pandemic to cause mass infections. He also addressed “Our dear dictator, our dear leader”, saying: “You are a cruel tyrant, but remember, all dictators have failed so far.”

The man, called András, talked later to 444 media outlet about his interrogation.

According to a statement on 5 May, police in Hungary had initiated 83 proceedings on suspicion of fear-mongering and 26 on suspicion of threatening public danger since the pandemic started.

For more information on the state of digital rights and violation amid the pandemic, check BIRN’s digital rights monitoring database.

Freedom of Information Curbs Alarm Rights Activists in Hungary

The Hungarian government’s decision to limit the application of the EU’s General Data Protection Regulation, GDPR, is fueling fear among the opposition and civil society organisations that human rights face further curbs in the country.

Justified by the need to stop the spread of the coronavirus, the authorities can now use the personal data of citizens without clear regulations about when they can use it, and for what purpose.

Viktor Orban’s government has also additionally limited information access by extending the deadline for public institutions to provide requested data through FOI regulations from 15 to 45 days. The deadline can be prolonged for another 45 days meaning one could have to wait up to 90 days for answers – another step backwards in terms of media freedom.

The government says both decisions will be revoked once the state of the emergency, imposed on March 11, is lifted.

But rights groups and the opposition now fear a repeat of events in 2015. In that year, the Orban government introduced controversial “crisis” measures to stop an influx of migrants that are still in force today – despite the dramatic decline in the number of migrants and refugees coming to Hungary since then.

‘Crisis’ measures that risk becoming permanent


Attila Peterfalvi. Photo: Wikimedia commons/BudayLilla 

The government restricted data protection rights as stipulated by the GDPR and the Act on Freedom of information on May 4.

It imposed a state of emergency on 11 March and extended it indefinitely on March 31.

Under the state of emergency, the government has the authority to govern through decrees, while parliament is suspended.

The latest changes come after several international reports highlighted serious declines in the quality of Hungarian democracy and press freedom.

The Nations in Transit report, issued in May by the watchdog organisation Freedom House, notably ranked Hungary as the only non-democracy in the whole of the EU.

“Hungary’s decline has been the most precipitous ever tracked in Nations in Transit; it was one of the three democratic frontrunners as of 2005, but in 2020 it became the first country to descend by two regime categories and leave the group of democracies entirely,” the report said.

The Press Freedom Index released by the watchdog organisation Reporters Without Borders ranked Hungary in the lowest place for press freedom in the EU.

It said access to information was becoming ever more difficult for independent journalists, who are now banned from freely putting questions to politicians or from attending many events.

Now, not only do Hungarian institutions have 90 days instead of 30 to answer an FOI request, – triple the previous length – but requests related to privacy will remain unanswered until the state of emergency is lifted.

This may mean journalists waiting three months to get access to vital information. And, with so many things happening fast during the state of emergency, the risk is that the information will become irrelevant or outdated.

The government justified the much longer deadline to answer FOI requests by claiming that keeping to the 15-day deadline could “endanger the fulfilment of the [relevant institution’s] public tasks in relation to the emergency”, so the decree says.

When it comes to the suspended GDPR articles, they include: the right of access by the data subject; the right to erasure (the “right to be forgotten”); the right to restriction of processing; for information to be provided when personal data are collected from the data subject, or information to be provided when personal data have not been obtained from the data subject.

Important information on the way the authorities obtain personal data, its purpose, and how it is processed, protected, or shared with other authorities, will now only become available when the state of emergency ends.

The authorities insist concern about these changes is needless. In response to a query from BIRN, Attila Peterfalvi, chair of the National Authority for Data Protection and Freedom of Information, said the decree applies only to requests for data in relation to the battle against the coronavirus, and that the data controller will also have to prove why they wish to apply the special regulation.

Peterfalvi noted also that GDPR gives participating states the right to restrict its provisions. The decree doesn’t actually take away any rights, or the right to remedy, but only delays their execution until the end of the state of emergency, he stressed.

Officials also point out that they will lift the state of emergency when it is no longer needed.

But opposition politicians and rights groups are not persuaded. They recall that the “crisis” measures imposed to stop illegal migration in 2015 were prolonged again and again – and still remain effective – long after the number of migrants attempting to cross Hungary decreased drastically.

Worryingly broad legislation


Illustration. Photo : EPA-EFE/Zoltan Balogh

The 30-day GDPR deadline to answer COVID-19-related data subject requests will resume once the state of emergency ends. This means that, until then, if someone submits a request related to COVID-19, or lodges an objection against the processing of his personal data related to COVID-19, the data controller is not required to take any steps to erase the data, rectify the data, or restrict its processing.

Furthermore, the legislation does not define the exact categories of personal data or the type of data controllers that fall under it.

As a result, any data controller taking part in the fight against COVID-19, or processing COVID-19-related personal data, can interpret the new legal provisions widely and broaden its restrictions to apply to as much personal data as possible.

Ádam Remport, data protection expert at the Hungarian Civil Liberties Union, an NGO, told BIRN that he believes the decree suspends fundamental rights, which the GDPR does not allow for.

The wording of the decree is too general and its reasoning too weak, he adds.

Remport said the GDPR is very strict about when member countries can suspend its application.

He notes that the GDPR says a restriction may only be imposed if it “respects the essence of the fundamental rights and freedoms”, and if this restriction “is a necessary and proportionate measure in a democratic society”.

Remport says the total suspension of certain rights does not fit into this category. He adds that while the decree indicates the purpose of the legislation, all the other reasoning is missing.

“The decree should list explicitly to which data and data controller it applies. It should at least justify why there is no such list,” he said.

In its current form, he added, the decree is too wide-ranging and can be applied to anything, from healthcare to the economy.

The GDPR also demands the right to an effective remedy, a right which cannot be suspended, he said. “According to the European Convention on Human Rights, and the GDPR, a remedy is real if it provides an effective judicial remedy.

“The wording of the decree doesn’t contradict this directly, as in theory one can still appeal. But until the state of emergency ends, nobody can go to court,” he pointed out.

“Nobody knows when the emergency will end, so we can’t call this an effective remedy; it is not a real remedy,” he concluded.

FOI rights undermined for years


Illustration. Photo: Pxfuel

As state communication become more centralized in Hungary – and effectively censored during the COVID-19 emergency, according to one NGO report, FOI requests have become ever more important as tools for journalists to extract relevant information about state operations.

Miklos Ligeti, legal director of Transparency International Hungary, told BIRN that the government in Budapest has been undermining this right for years.

“The Hungarian government has continuously restricted access to public data since 2013. From this point of view, the new decree is not a novelty,” he said.

The only guaranteed way to gain access to public data was via the courts, Ligeti added. “Now the time one has to wait before going to court has been prolonged,” he continued.

According to Transparency International, the decree goes against the constitution, as the right to freedom of information it refers to implies fast and timely access – while waiting months for an answer is anything but.

Since 2013, according to the government, FOI requests can be rejected if they are too “comprehensive”, as over-detailed questions are deemed a “misuse” of FIOA rights.

To decide what question is too detailed is, again, up to the data owner. The next restriction, which followed in 2015, allowed data owners to bill the information requester for “reimbursement of expenses”, if replying to the request involves “a disproportionate amount of work” for the relevant institution.

Tamas Bodoky, founder and editor-in-chief of Átlátszó, an investigative portal, told BIRN that the new moves were yet another attempt to restrict the FOI law.

“This is the third time the Orbán government is restricting FOI. This tendency, and the suspension of the GDPR Articles are the real concern – not that we might have to wait longer to get information,” Bodoky said.

Bodoky notes that if institutions demand reimbursement for work, “it is usually around 5,000 to -20,000 forints [14 to 60 euros]. To pay this money is not a problem for a lawyer or an editorial. But the intention behind this is to prevent citizens from using this tool to control power”.

His investigative portal has developed a tool through which users can send FOI requests to any public body.

According to him, data owners rarely demand “unreasonable” sums of money for reimbursement. If they do, or the info request is denied, “one can go to court. But that takes time and costs money, and people cannot afford it”.

Fortunately, he adds, judges usually favour making data public. But sometimes, despite a court judgment, data owners still withhold the data. “In that case, we remain without means, as public prosecutors will do nothing to enforce the verdict,” Bodoky warned.

Átlátszó uses FOI requests a lot for its investigations, and has faced various other methods by which state institutions hide information.

“Once the cabinet office of the Prime Minister sent us documents that were photocopied so many times – or maybe digitally blurred – that they were barely readable,” Bodoky recalled. “This shows clearly what the Hungarian government thinks about freedom of information,” he adds.

Miklós Ligeti says the broad implications of the latest moves are more concerning than their exact detail.

“If we look at the big picture, we see that the lack of reliable data makes rational public conversation impossible,” he warned. “Once there is no information, citizens cannot make responsible political decisions,” he concluded.

BIRD Community

Are you a professional journalist or a media worker looking for an easily searchable and comprehensive database and interested in safely (re)connecting with more than thousands of colleagues from Southeastern and Central Europe?

We created BIRD Community, a place where you can have it all!

Join Now