Tag: digital freedom

Fakebooks in Hungary and Poland

Posted on by Ivana Jeremic

Poland and Hungary have seen the launch recently of locally developed versions of Facebook, as criticism of the US social media giants grows amid allegations of censorship and the silencing of conservative voices.

The creators behind Hundub in Hungary and Albicla in Poland both cite the dominance of the US social media companies and concern over their impact on free speech as reasons for their launch – a topic which has gained prominence since Facebook, Twitter and Instagram banned Donald Trump for his role in mobilising crowds that stormed the Capitol in Washington DC on January 6. It is notable that both of the new platforms hail from countries with nationalist-populist governments, whose supporters often rail against the power of the major social media platforms and their managers’ alleged anti-conservative bias.

Albicla’s connection to the ruling Law and Justice (PiS) party is explicit. Right-wing activists affiliated with the PiS-friendly weekly Gazeta Polska are behind Albicla, whose name is as obscure to Poles as it is to the international reader, although Ryszard Kapuscinski from the Gazeta Polska team claims it is an amalgamation of the Latin phrase albus aquila, meaning “white eagle”, a Polish national symbol.

The activists say Albicla is a response to the “censorship” of conservative voices by the global internet giants. “We have disturbed the powerful interests and breached the walls of the ideological front that is pushing conservative thinking to the sidelines,” Tomasz Sakiewicz, editor-in-chief of Gazeta Polska, wrote on Thursday, the day after the new portal was launched.

“Not all the functionalities are ready because we wanted to launch the portal in the last hour of the rule of the leader of the free world,” Sakiewicz continued, referring to Trump’s last day in office on January 20. “It is now up to us to ensure this world continues to be free, particularly online.”

Busy bees

The origins of Hundub – forged from the words “Hungarian” and “dub”, which also means “beehive” in ancient Hungarian – are less clear. Until recently, Hundub was owned by Murmurati Ltd, an offshore company registered in Belize, but it pulled out last week and Hundub’s founder, Csaba Pal, announced it would be crowdfunded from now on.

The December 6 launch of Hundub received little attention until the government-loyal Magyar Nemzet began acclaiming it as a truly Hungarian and censorship-free alternative to Facebook, which, the paper argues, treats Hungarian government politicians unfairly. Prime Minister Viktor Orban was one of the first politicians to sign up to Hundub, but all political parties have rushed to register, starting with the liberal-centrist Momentum, the party most favoured by young people.

Pal – a previously unknown entrepreneur from the eastern Hungarian city of Debrecen – said his goal was to launch a social media platform that supports free speech, from both the left and right, and is free from political censorship. “The social media giants have grown too big and there must be an alternative to them,” Pal told Magyar Nemzet, accusing the US tech company of deleting the accounts of thousands of Hungarians without reason.

While it’s unclear whether there is any government involvement in Hundub, its launch is proving handy for the prime minister’s ruling Fidesz party in its fight against the US tech giants. Judit Varga, the combative justice minister, regularly lashes out at Facebook and Twitter, accusing them of limiting right-wing, conservative and Christian views. Only last week, she consulted with the president of the Competition Authority and convened an extraordinary meeting of the Digital Freedom Committee to discuss possible responses to the “recent abuses by the tech giants”.


Polish Prime Minister Mateusz Morawiecki (L) and the chief editor of Gazeta Polska Tomasz Sakiewicz (R). Photo: EPA/EFE LAJOS SOOS

Future of Farcebooks

Unfortunately for the Polish and Hungarian governments and their supporters, rarely have such technology ventures succeeded.

Eline Chivot, a former senior policy analyst at the Center for Data Innovation, said government-backed ideas such as the recent “French Airbnb” are destined to fail from a lack of credibility, because they are based “on politically biased motives and a misguided application of industrial policy, [and] seek to dominate a market that is no longer up for grabs”.

Indeed, Albicla became the butt of jokes immediately upon its launch as users pointed out the numerous security and functionality flaws. Among them, some of the regulations of the new website were apparently copy-pasted from Facebook, as they included hyperlinks to Mark Zuckerberg’s site; more concerning, it was possible to download the entire database of users the day after launch.

Trolls immediately took advantage of the site’s shortcomings to ridicule it, with countless fake accounts set up for Pope John Paul II, Trump and PiS politicians. Despite it being set up as an “anti-censorship” space, many users have complained of being blocked for unclear reasons in the few days since launch.

“Albicla is an ad hoc initiative by the Polish supporters of Trumpism in direct reaction to the banning of Trump from social media platforms: it’s equivalent to right-wing radicals in the US moving to Parler and other such platforms,” Rafal Pankowski, head of the Warsaw-based “Never Again” anti-fascist organisation, told BIRN.

Pankowski points out there have been similar initiatives before, including stabs at creating a “Polish Facebook”, that were unsuccessful, though there exists a local alternative to YouTube, wRealu24, which the expert describes as “virulently anti-Semitic and homophobic” and whose popularity cannot be ignored.

Likewise, Hundub has been roundly mocked. Critics point out it is just a simplified version of Facebook that looks rather embarrassing in technological and layout terms. It has the same features as Facebook – you can meet friends, share content, upload photos and videos, and, as an extra feature, there is also a blog-format where you can publish your own stories uncensored. Even the buttons are similar to those Facebook uses.

Hvg.hu recalls that Hungarians actually had their own highly successful pre-Facebook called iWiW (an abbreviation of “International Who Is Who”), which was launched in 2002 and became the most popular website in Hungary between 2005 and 2010 with over 4.5 million registered users. Alas, competition from Facebook forced it to close in 2014.

It is unlikely that Hundub will be able to challenge Facebook’s dominance, but media expert Agnes Urban from Mérték Research said in an interview that Hundub could be used by Orban’s Fidesz party to rally supporters before the 2022 election and create an enthusiastic community of voters.

Founder Csaba Pal also explained that his aim is to create a social media platform for all Hungarians, meaning ‘Greater Hungary’ with its ethnic brethren in parts of Serbia, Romania, Ukraine and Slovakia.

Hungarian politicians, from left and right, are very active on Facebook and, to a lesser extent, on Twitter. Prime Minister Orban, initially wary of digital technology, now leads with over 1.1 million followers on Facebook and has even chosen to announce a number of policy measures during the pandemic on his page.

Justice Minister Varga and Foreign Minister Peter Szijjarto, notwithstanding their frequent outbursts, are both avid users of Facebook. It is not known whether any of their Facebook activity has been censored or banned; the business news site Portfolio recalls that the only political party to have been banned is the far-right Mi Hazánk party, whose leader, Laszlo Torockai, also had his account deleted. No doubt they will able to start afresh on Hundub.

Albicla also stands to benefit from its close connections to the Polish government, which since coming to power in 2015 has bolstered the pro-government media via mass advertising by state-controlled companies.

According to research conducted by Kantar this summer, the 16 state companies and institutions analysed by the consulting firm increased their advertising budgets to Gazeta Polska by 79 per cent between 2019 and 2020 – a period during which most media have lost advertising due to the pandemic. Gazeta Poska Codziennie, a daily affiliated with the same trust, has seen similar gains. And the foundation of Gazeta Polska editor-in-chief Tomasz Sakiewicz has also benefitted from state funds to the tune of millions of zloty.

By contrast, since PiS came to power, the media critical of the government, such as Gazeta Wyborcza, have seen their revenues from state advertising slashed.

In 2019, Gazeta Polska made international headlines when it distributed “LGBT-free zone” stickers with the magazine, in a period when PiS counsellors across Poland were starting to push for the passing of resolutions declaring towns “zones free of LGBT ideology”.

Despite the hiccups at launch, Albicla was immediately endorsed by high-level members of the government, including Piotr Glinski, the Minister of Culture and National Heritage, and Sebastian Kaleta, a secretary of state at the Ministry of Justice.

Kaleta is also the man in charge of a new draft law on the protection of freedom of speech online, announced in December by the Justice Ministry, which would prevent social media companies from being able to remove posts or block accounts unless the content is in breach of Polish law.

The International Network Against Cyber Hate (INACH), an Amsterdam-based foundation set up to combat discrimination online, has argued that “over-zealous” policing of harmful speech is not an issue in Poland and that the new Polish law might mean, for example, that online attacks against the LGBT community – which are not covered by national hate speech legislation – might go unpunished.

And where might those online attacks against the LGBT community be disseminated? Albicla, perhaps.

COVID’s Toll on Digital Rights in Central and Southeastern Europe

Posted on by BIRD

The report presents an overview of the main violations of digital rights in Bosnia and Herzegovina, Croatia, Hungary, Kosovo, Montenegro, North Macedonia, Romania and Serbia between January 31 and September 30, 2020, and makes a series of recommendations for authorities in order to curb such infringements during future social crises.

A first report, compiled by BIRN and which contained preliminary findings, showed a rise in digital rights violations in Central and Southeastern Europe during the pandemic, with over half of cases involving propaganda, disinformation or the publication of unverified information.

The global public health crisis triggered by the coronavirus exposed a new the failure of states around the world to provide a framework that would better balance the interests of safety and privacy. Instead, the report documents incidents of censorship, fake news, security breaches and concentration of information.

More than 200 pandemic-related violations tracked

At the onset of the pandemic, numerous violations of digital rights were observed – from violations of the privacy of persons in isolation to manipulation, dissemination of false information and Internet fraud.

BIRN and Share Foundation documented 221 violations in the context of COVID-19 during the eight-month monitoring period, the largest number coming during the initial peak of the pandemic in March and April – 67 and 79 respectively – before slowly declining.

The countries with the highest number of violations to date are Serbia, with 46, and Croatia, with 44.

The most common violation – accounting for roughly half of all cases – was manipulation in the digital environment caused by news sites that published unverified and inaccurate information, and by the circulating of incomplete and false data on social media.

This can be explained in large measure by the low level of media literacy in the countries of the region, where few people actually check the news and information provided to them, while the media themselves often publish unverified information.

The most common targets of digital rights violations were citizens and journalists. However, both of these groups were frequently also among the perpetrators.

Contact tracing apps: Useful or not?

The debate about the use of contact-tracing apps as a method of combating the spread of COVID-19 was one of the most important discussions in Croatia and North Macedonia.

At the very beginning of the pandemic, the Croatian government led by the conservative Croatian Democratic Union, HDZ, proposed a change to the Electronic Communications Act under which, in extraordinary situations, the health minister would request from telecommunications companies the location data of users.

Similarly, Macedonian health authorities announced they were looking to use “all tools and means” to combat the virus, with North Macedonia among the first countries in the Western Balkans to launch a contact-tracing app on April 13.

Developed and donated to the Macedonian authorities by Skopje-based software company Nextsense, the StopKorona! app is based on Bluetooth distance measuring technology and stores data locally on users’ devices, while exchanging encrypted, anonymised data relevant to the infection spread for a limited period of 14 days. According to data privacy experts, the decentralised design guaranteed that data would be stored only on devices that run the app, unless they voluntarily submit that data to health authorities.

Croatia launched its own at the end of July, but by late August media reports said the Stop COVID-19 app had been downloaded by less than two per cent of mobile phone users in the country. The threshold for it to be effective is 60 per cent, the reports said.

Key worrying trends mapped

Illustration: Olivia Solis

Bosnia and Herzegovina saw a number of problems with personal data protection, free access to information and disinformation. In terms of disinformation, people were exposed to a variety of false and sometimes outlandish claims, including conspiracy theories about the origin of the coronavirus, its spread by plane and various miracle cures.

Conspiracy theories, like those blaming the spread of the virus on 5G mobile networks, flourished online in Croatia too. One person in Croatia destroyed their Wifi equipment, believing it was 5G.

In Hungary, fake news about COVID-19 arrived even before the virus itself, said journalist Akos Keller Alant, who monitored the digital environment in Hungary.

Several clickbait fake news sites published articles about COVID-19 victims a month before Hungary’s first confirmed case. The Anti-Cybercrime Unit of the Hungarian police arrested several people for spreading fake news, starting in early February when police raided the operators of a network of fake news sites.

In Kosovo, online media emerged as the biggest violators of digital rights by publishing unverified and false information as well as personal health information. Personal data rights were also violated by state institutions and public figures.

In Montenegro, the most worrying digital rights violations concerned privacy and personal data protection of those infected with the coronavirus or those forced to self-isolate.

The early days of the pandemic, when Montenegro was among the few countries that could claim to have kept a lid on the virus, was a rare moment of social and political consensus in the country about how to respond, said Tamara Milas of the Centre for Civic Education in Montenegro, an NGO.

The situation changed, however, when the government was accused of the gross violation of the right to privacy and the right to the protection of personal data.

Like its Western Balkan peers, North Macedonia was flooded with unverified information and claims shared online with regards the pandemic. Some of the most concerning cases included false claims about infected persons, causing a stir on social media.

In Romania, the government used state-of-emergency powers to shut down websites – including news and opinion sites – accused of spreading what authorities deemed fake news about the pandemic, according to BIRN correspondent Marcel Gascon, who monitors digital rights violations in Romania.

In Serbia, a prominent case concerned a breach of security in the country’s central COVID-19 database. For eight days, the login credentials for the database, Information System COVID-19, were publicly available on the website of a public health body.

In another incident, the initials, age, place-of-work and personal address of a person infected with the virus were posted on the official webpage of the municipality of Sid in western Serbia as well as on the town’s social media accounts.

In the report, BIRN and Share Foundation conclude that technology, especially in a time of crisis, should not be seen as the solution to complex issues, be that protection of health or upholding public order and safety. Rather, technology should be used to the benefit of citizens and in the interest of their rights and freedoms.

When intrusive technologies and regulations are put in place, it is hard to take a step back, particularly in societies with weak democratic institutions, the report states. Under such circumstances, the measures applied in one crisis for the protection of public health may one day be repurposed and used against other “social plagues”, ultimately leading to reduced human rights standards.

To read the full report click here. For individual cases, check our regional database, developed together with the SHARE Foundation.

Croatia’s Burgeoning Fintech Scene Blazes Trail For Western Balkans

Posted on by BIRD

When it comes to the digitalization of the public sector in the Western Balkans, not that much happened until COVID-19 came along.

But as the pandemic has continued, certain public services have had to become digital by a force of nature, while the pace of others that started on this road in the last few years has accelerated. The same goes for businesses and industries – those that started this process earlier are now ahead of the curve. One industry likely to emerge strengthened by the challenges that the pandemic has brought is financial technologies, fintech as it is known – as more institutions and businesses opt for “digital-only” services.

With an ICT market growing exponentially each year, Croatia is widely seen as the next fintech destination in Southeast Europe.

Some estimates say the country has close to 60,000 active ICT professionals already. It also has many fintech companies with a presence in global markets as far as Southeast Asia.

“Croatia has seen a tremendous improvement of its fintech scene in the past few years, mostly due to people developing their digital skills independently,” Vlaho Hrdalo, chair of the Croatian Association for blockchain and cryptocurrencies, UBIK, told BIRN.

“A recent Eurostat survey showed Croatian young people to be the leading Europeans in the category of digital skills,” he added.

“These young people realized what skills they needed and then acquired them on their own, as no institutional support was available; and it still isn’t.” Hrdalo continued, noting that while global investors are beginning to turn their attention towards Croatia, the local fintech scene still needs further investment.

Success stories, and hurdles up ahead


Illustration. Photo: Unsplash/Alexandre Debieve

Croatia’s biggest success story when it comes to fintech and the digital payments sector, arguably, is Microblink, a software company that develops computer vision technology.

When it started in 2013 as a local company, it relied only on the financial resources of its founders. Now it has a global presence in the US, Europe and Southeast Asia, developing AI-powered scanning and data extraction products that more than 100 million end-users use.

Microblink’s products have opened up business opportunities for the company, which has been recognised by the fintech industry. It was listed among Europe’s fastest growing companies for 2020.

The company isn’t planning on stopping now, either. It plans to launch new innovative products that revolutionize the fintech industry.

“Two weeks ago, we launched a first-of-its-kind identity document scanner made to be used directly in a web browser. And we firmly believe in-browser ID scanning holds the potential to reshape the way we onboard financial services for the better,” the company told BIRN in a statement.

Another company to watch is Elektronički računi, a company that primarily provides digital business services. It was founded in 2013, when digital invoicing was beginning to become an important segment of business modernization.

“Since 2014, we have introduced the e-Invoice to tens of thousands of companies,” Josip Kovacec, a member of the board of the company, told BIRN.

“It gave us a foothold in the market in EU member states at the time when the mandatory electronic issue of invoices in public procurement was introduced,” he added.

“The idea was to make the e-Invoice available to everyone, with special emphasis on the SME sector, which usually does not have the financial resources to digitize operations,” Kovacec continued.

He said the company had now positioned itself as the largest private information intermediary on the market, sending about 200,000 e-Invoices a month to the Croatian government service that receives all electronic invoices addressed to public entities.

While there are other successful fintech startups and scale-ups in Croatia, what is lacking, however, is a sense of cohesion that would make the Croatian fintech scene a more powerful trend, experts say.

“There have been meetups and conferences, but the situation around COVID-19 has made such events impossible,” Ivan Brezak Brkan, the founding editor of Netokracija.com, told BIRN.

“For experience and knowledge to compound for the whole community, there has to come a point where they all need to work together to create a ‘fintech scene,’” he added. “A rising tide lifts all fintech – and an active community would help create interest among developers, new companies, and so on.”

Regulation remains a grey area


Illustration: Unsplash/Clifford photography

Besides hosting companies that are developing high-quality fintech products, Croatian towns are also implementing some of those technologies locally.

At the end of June, the town of Sveta Nedelja became one of the first in the whole of the EU to introduce a payment service that includes cryptocurrencies.

Built by another Croatia-based company, the cryptocurrency brokerage Electrocoin, the service enables shops to accept payments in cryptocurrencies for free, converting them into the national currency, the kuna.

However, as financial technologies enter more and more segments of Croatian society, regulations about the way fintech companies conduct their business remain a grey area.

“Not much has happened in this area, as there still are no laws governing fintech, blockchain, or artificial intelligence,” UBIK’s Hrdalo explained.

“UBIK held numerous meetings with Croatian regulators to bridge the gap between galloping industries and dormant laws. This was successful, as the approach of the regulators did change from initial scepticism to acceptance,” he added.

“But without exact rules in place, digital companies in Croatia have to discover where they touch the regulatory perimeter on their own, which isn’t always the best way forward,” he continued.

Experts say general business-related laws affect these companies the most. “For example, high taxes on employment make these companies less competitive than rivals in other markets, and a business-unfriendly administrative system makes it literally uneasy to do business,” Netokracija’s Brkan said.

“While the recently re-elected Prime Minister, Andrija Plenkovic … has said he will make the country more business-friendly, most entrepreneurs remain skeptical,” he noted.

Bureaucratic hurdles and the presence of numerous regulatory bodies pose a challenge for all companies in Croatia.

“Take consumer protection – almost every branch or type of service has its own regulatory agency, and in parts where two branches potentially overlap, there are discrepancies in their procedures,” Kovacec pointed out.

“During the pandemic, most business with the state was digitized, which gave some hope that Croatia could aspire to reach Estonia’s level of digitalization at least. But, with the fall in the number of infections and the reopening of the economy, suddenly everything needs paper again.”

Beacon for the rest of the Balkans


Illustration. Photo: Unsplash/Christian Wiediger

As “digital-only” services become the new normal, Croatia’s progress ha the potential to set a trend for the rest of the Western Balkans.

With ICT industries in most Western Balkans countries also among their most prosperous, the potential to be explored is vast.

“We have top IT experts recognised everywhere in the world. But we have not yet realised that this sector can be one of the most important industries in Croatia,” Kovacec claimed.

Recently, North Macedonia took a step towards developing its own digital economy, signing an agreement with financial giant Mastercard. The deal on implementing digital identities would allow its citizens to open bank accounts without being physically present at banks, for example.

This country also has companies that are becoming serious players in the fintech industry, and could potentially follow the Croatian path. “We have one startup that works with storing the digital data and tokens of wealthy people from the Arab world, which the whole insurance industry is talking about,” Skopje-based business consultant Igor Izotov told BIRN.

“Maybe tomorrow we can say the digital tokens and bitcoins of a reality or Hollywood star were stored on a Macedonian software solution,” he mused.

However, for these and similar companies from the region to fully realise their potential, more marketing skills are needed, experts warn.

“As with the rest of the Eastern European startup scene, business skills and scaling are proving most valuable. One low-valued skill in the post COVID-19 era is content creation, inbound marketing and thought leadership,” Brkan explained.

“Self-taught content marketers aren’t given the budgets or the freedom to experiment, so B2B sales for fintech are definitely one of the biggest hurdles – and the strategic use of content for B2B is one of the skills that is lacking,” he concluded.

SEE Digital Rights Network Established

Posted on by BIRD

Nineteen organisations from Southeast Europe have joined forces in a newly-established network that aims to advance the protection of digital rights and address the growing challenges posed by the widespread use of advanced technologies in society.

Initiated by Balkan Investigative Reporting Network, BIRN, and SHARE Foundation, the SEE Digital Rights Network is the first network of its kind focused on the digital environment and challenges to digital rights in Southeast Europe.

The network brings together 19 member organisations – from Albania, Bosnia and Herzegovina, Croatia, Greece, Kosovo, Montenegro, North Macedonia and Serbia – dedicated to the protection and promotion of human rights, both online and offline.

Each is committed to advancing their work on issues of digital rights abuses, lack of transparency, expanded use of invasive tech solutions and breaches of privacy.

Since the onset of the COVID-19 pandemic, Central and Southeast Europe has seen a dramatic rise in the rate of digital rights violations, in countries where democratic values are already imperiled.

“This endeavour comes at a moment when we are seeing greater interference by state and commercial actors that contribute to the already shrinking space for debate while the exercise of basic human rights is continuously being limited,” said BIRN regional director Marija Ristic.

“The Internet has strong potential to serve the needs of the people and internet access has proved to be indispensable in times of crisis such as the COVID-19 pandemic. Our societies are becoming more digital, which presents a powerful incentive to increase the capacity of organisations dealing with digital developments and regulations in our region.”

Illustration: BIRN

During a first joint meeting, the members of the network agreed that the challenges posed by the fast-evolving tech solutions used by states have led to infringements of basic rights and freedoms, while false and unverified information is flourishing online and shaping the lives of people around the region.

The online sphere has already become a hostile environment for outspoken individuals and especially marginalised groups such as minorities, LGBTIQ+ community, refugees and women.

“Digital technology is profoundly changing our societies as it becomes an important part of all spheres of our lives, so we see the diversity of organisations that joined this network as one of its biggest strengths,” said Danilo Krivokapic, director of the SHARE Foundation.

“We can learn so much from each other’s experience, as we have similar problems with governments using technology to exert control over society, especially in times of crisis such as the COVID-19 pandemic,” he said. “It is also important that we act together when we are trying to restore the balance between our citizens and big companies (Facebook, Google etc) that hold enormous amounts of our personal data and through this exert significant power over us.”

The network’s aim is to build on the skills, knowledge and experience of its members to achieve common goals such as strengthening democracy in the region and protecting individuals in the digital environment.

While cherishing the values of safety, equality and freedom, the work of the SEE Digital Rights Network will be directed at achieving the following goals: to protect digital rights and internet freedoms, enable people to access accurate information, make the internet a safer place, detect and report hate speech and verbal violence online, especially against women and other vulnerable groups, identify online recruitment, which can lead to exploitation, take control of  personal data, work to prevent the implementation of intrusive surveillance systems, hold governments accountable for the use and abuse of technology and improve digital literacy in order to prevent violence and exploitation.

The network will aim to increase the level of understanding of complex and worrying trends and practices, trying to bring them closer to the general public in a language it can understand. By creating a common space for discussion and exchange, organisations and the media will be able to increase the impact of their individual efforts directed towards legislative, political and social changes.

For more information about the network please contact: sofija.todorovic@birn.eu or/and nevena@sharedefense.org.

Here you can find the full text of the SEE Digital Right Network Declaration. The Declaration is also available in BCS, Macedonian and Albanian.

The organisations that have joined the network are as follows:

  1. A 11 – Initiative for Economic and Social Rights – Serbia
  2. Balkan Investigative Regional Reporting Network (BIRN) – Bosnia and Herzegovina
  3. Centre for Civic Education – Montenegro
  4. Center for Internet, Development and Good Governance (IMPETUS) – North Macedonia
  5. Civic Alliance (CA) – Montenegro
  6. Civil Rights Defenders (CRD)
  7. Da se zna – Serbia
  8. Gong – Croatia
  9. Homo Digitalis– Greece
  10. Open Data Kosovo (ODK) – Kosovo
  11. Media Development Centre (MDC) – North Macedonia
  12. Metamorphosis Foundation – North Macedonia
  13. Montenegro Media Institute (MMI) – Montenegro
  14. NGO Atina – Serbia
  15. Partners Serbia – Serbia
  16. Sarajevo Open Centre – Bosnia and Herzegovina
  17. Share Foundation – Serbia
  18. Vasa prava BiH – Bosnia and Herzegovina
  19. Zašto ne? – Bosnia and Herzegovina

Insults, Leaks and Fraud: Digital Violations Thrive amid Pandemic

Posted on by Ivana Jeremic

From January 26 to May 26, BIRN collected information about 163 cases of breaches of digital rights in Bosnia and Herzegovina, Croatia, Hungary, North Macedonia, Romania and Serbia.

Sixty-eight of the cases related to the manipulation in digital environment, while 25 related to publishing falsehoods and unverified information with the intention to damage someone’s reputation.

BIRN’s monitoring of digital rights, developed together with the SHARE Foundation, has shown that ordinary people were the most affected by such violations, with members of the public being the target in 126 of the cases.

State institutions or state officials violated digital rights in a total of 37 cases, meanwhile.

States rarely addressed the abuses arising from these violations, and in 45 cases, the perpetrators were not identified, while 139 of the total of 163 cases were not resolved.

Eight cases were the result of pressure related to the publication of information, 12 were linked to insults and unfounded accusations and 11 were hate speech and discrimination.

Medical and personal data breaches featured in 18 cases, computer fraud was registered on 11 occasions, while the destruction and theft of data and programs happened in three cases.

Beyond the countries listed above, BIRN noticed an unprecedented rise of digital violations in Montenegro and Turkey, where there were arbitrary arrests and data breaches.

Hackers, data breaches and illegal processing


Infografic: BIRN

Leaked documents, fake websites and the publication of people’s personal and health data have been commonplaces during the ongoing pandemic, but the scale and consequences of the breaches and of the illegal processing of data has yet to be established.

Speculation about the number and identity of COVID-19-infected people led to the mass exposure of personal and private data on social media and messaging platforms. In some cases, the leaks were small in terms of data, but had potentially serious consequences, particularly in situations in which patients’ personal data was revealed.

The most serious cases were reported in Croatia, North Macedonia and Montenegro.

In March in Croatia, a message containing a list of infected patients was shared among people living on the island of Murter, mostly through messaging apps.

Illegal personal data processing and privacy breaches took place in North Macedonia as well. The country’s Agency for Personal Data Protection filed criminal charges against an unknown person for publishing the personal data of people living in the town of Kumanovo.

The public in Serbia became concerned when it was discovered that the login credentials for Serbia’s information system for analysis and storage of health data during the pandemic were publicly available on a health institution website for eight days.

Citizens of Montenegro suffered most from stigmatisation due to a number of leaks of COVID-19 patients’ records. The infected patients’ identities were revealed in posts on social media, sparking hate speech against them.

Individuals who were violated self-isolation measures were also targeted, and often, it was governments that were revealing their personal information.

In Bosnia’s Serb-dominated entity, Republika Srpska, authorities launched a website on which they published the names of people who did not follow the entity’s self-isolation measures. The list can still be found online.

As a measure against the spread of the coronavirus, Montenegro’s government published a list of individuals who were put in self-isolation after  returning home from abroad. The lists, structured by municipalities, include the individuals’ names, surnames, the date when they were put into isolation, and their home addresses. The list was only removed a month after it was published.

People were also targeted by hacker attacks and fraudulent messages or emails, usually trying to collect their personal information or request payments to foreign banks or crypto-currency accounts, as cybercriminals took advantage of the public concerns and confusion created by the pandemic.

Scams, phishing campaigns and cyber-attacks exploiting people’s fear of COVID-19 were most common in Croatia, Serbia, Hungary, North Macedonia and Romania. The Romanian cybersecurity giant Bitdefender said in March that such attempts at fraud “have risen by 475 per cent in March as compared to the previous month”, and were expected to keep increasing.

Threats, hate speech and discrimination


Infographic: BIRN 

While some countries limited the scope of the freedom of speech during the pandemic, some people used their online freedom to unleash threats, insults, discriminatory posts and hate campaigns.

BIRN’s overview looked at several categories of violations:

  • Hate speech and discrimination
  • Threatening content and the endangerment of security
  • Insults and unfounded accusations
  • Falsehoods and unverified information directed towards the damaging of reputations

In total, more than 15 per cent of all the cases that were monitored included one of these violations. The largest number –

This type of online behaviour was often combined with the use of fake accounts and the paid promotion of false content.

The people most commonly affected by the digital violations that were monitored were journalists, medical professionals and people in quarantine.

Discriminatory posts and acts were directed mostly towards refugees, Chinese and Jewish people, women and the Roma community, with the largest number of such cases occurring in Hungary.

Gender-based discrimination was reported in Serbia, where the victims were predominantly politically-engaged individuals and journalists who criticise the government.

Threats and calls for violence against the police in Serbia and Bosnia and Herzegovina were found on Facebook. In both cases, authorities reacted promptly and perpetrators were identified and detained. In North Macedonia two police officers were fined for having taunted and offended people on social networks.

Violations related to damaging reputation predominantly affected governments’ political opponents, independent media and journalists.

Serbia was the country with the largest number of posts aimed at damaging the reputation of independent journalists. In three of four cases of publishing falsehoods, the journalists who were targeted were women.

Journalists were also targeted in North Macedonia and Hungary.

Pressure and arrests for publishing information


Infographic: BIRN 

Due to the highly controlled media landscape and poor level of media literacy in the countries that were monitored, the public was overwhelmed with contradictory information and had much more difficulty in recognising false and misleading information during the pandemic than usual. At the same time, the public’s need for timely and proper information had never been bigger.

While the flow of information continued to grow immensely, states started to arrest citizens for posts on social media over the accusation they caused panic and unrest. Some countries imposed authoritarian regulations that limited the flow of information.

Members of the public, media representatives and politicians were arrested and fined for their writings on social media, often without any clear criteria. Journalists were arrested in Serbia, Kosovo and Turkey.

Arrests and fines have become one of the main tactics to counter fake news and violations of restrictions imposed by all governments in the states that were monitored. In Hungary, Serbia, Bosnia, Croatia and North Macedonia, top state officials warned the public that they faced immediate sanctions for spreading fake news amid the pandemic.

From conspiracy theories to false measures


Illustration: BIRN 

Out of 163 cases, the largest number, 68, were linked with the misuse or manipulation of information. They mostly concerned different fake news, the use of false identities online, the sharing of conspiracy theories, or posts classified by the authorities as causing panic and disorder.

Some of the topics that were misused in this way included:

  • Medicines that can cure the coronavirus, vaccines and laboratory tests
  • Disinfection procedures
  • Tips and advices on how to cure the coronavirus
  • The number of infected people
  • Information about infected people
  • Information on medical institutions and their work
  • The start of the virus and how it developed
  • State measures and actions that have never been declared nor taken
  • Supermarkets and food shortages
  • 5G
  • Other conspiracy theories
  • Online education and information relevant for students
  • Offensive posts and videos about quarantined citizens and about people who arrived from a foreign country
  • Disturbing announcements about the COVID-19 outbreak

In some countries, such as Serbia and Hungary, levels of media freedom are low, with mainstream media often spreading disinformation, while independent media are called fabricators of lies by the authorities.

Nearly 25 per cent of all cases of the misuse or manipulation of information were resolved in some way. The outcomes included:

  • Website or content removal by the state
  • A request for the removal of the problematic post
  • Detention or arrest of a person
  • Official statement about the incident or a public apology

In Romania, most cases in this category ended in content removal. In Serbia, Hungary and Croatia, arrest was the most common outcome.

Manipulated information, conspiracy theories and unfounded claims emerged en masse on social media platforms and news website when most of the countries introduced emergency measures.

Disinformation was most intensively distributed via YouTube, where content blamed the expansion of 5G technology for the COVID-19 outbreak, or blamed multinational companies or foreign governments for the pandemic. In Croatia, one person even destroyed WiFi equipment, thinking it was 5G infrastructure. Mentions of the alleged influence of 5G networks on the pandemic was noted in Romania and Serbia, both on news websites and on social media.

News websites in Serbia, Romania, Hungary and Croatia often published manipulative content that included false information.

April was the month with the largest number of cases reported in this category. Some  30 out of the total 68 cases of manipulations in the digital environment were registered that month.

Information circulating in April and May, which was manipulated or false, mainly referred to the curfew, the number of COVID-19 patients and tests, students’ exams, people in quarantined, 5G transmitters, enforced microchipping and the funding of religious communities. In almost all cases from this category, members of the public were ones affected.

The rise of ‘unknown’ attackers


Illustration: BIRN

In comparison to the cases of online violations reported before the COVID-19 outbreak, BIRN’s monitoring noted a significant rise in cases in which the perpetrators cannot be identified. The number of these cases increased tenfold on a monthly basis.

These unknown perpetrators have been creating Facebook pages, using the virus situation to persecute independent journalists and others, send fraudulent messages in order to destroy computer software systems or steal money, and creating fake website accounts to spread conspiracy theories or medical disinformation.

Unknown perpetrators have also been responsible for computer frauds, the destruction and theft of data and for making content unavailable using technical skills. Hungary had the most cases involving unknown perpetrators, mainly related to computer fraud.

Cases have also shown how states can be violators of digital rights and freedoms. The increased number of cases which ended in arrest or detention revealed the tendency of states to use more power than was necessary, particularly to arrest journalists and citizens for posts on social media.

From having double standards when it comes to reactions to fake news to using their authority to silence people, governments often acted against the interests of their own citizens. According to the monitoring findings, in almost 25 per cent of all cases, the state itself or a state official was described as the perpetrator of a violation of certain guaranteed rights or freedoms.

On the other hand, members of the public were the victims of violations in 126 cases.

Media regulations across the region have been tightened under states of emergency and journalists have been arrested on accusation of spreading misinformation about authorities’ responses to the spread of the coronavirus. Some countries, like Serbia, sought to centralise the dissemination of official information and banned certain media from regular briefings.

The first worrying legal initiative was noted in Croatia, where the government proposed a change to the Electronic Communications Act under which, in extraordinary situations, the health minister would ask telecommunications companies to provide data on the locations of users’ terminals. The legislative change is currently pending.

In Hungary, the Bill on Protection Against Coronavirus, giving the government almost total control of the flow of information about the pandemic, was adopted at the end of March. The Hungarian government also decided to limit the application of the EU’s General Data Protection Regulation, GDPR, and to extend the deadline for public institutions to provide data requested via freedom of information regulations from 15 to 45 days.

Romanian civil society organisations also drew attention to a lack of official transparency and the possibility of media freedoms being curbed by state-of-emergency provisions. Provisions enacted as part of the state of emergency to combat the spread of the coronavirus allowed the authorities to shut down websites that publish fake news and exempted the authorities from answering urgent inquiries from journalists. Access to a dozen websites has been blocked since then.

In North Macedonia, the media faced new procedures for the issue of work permits during coronavirus curfews. The government insisted that its pandemic measures would not affect the public’s right to information, but in practice, institutions were less responsive to freedom of information requests.

In general, there was a trend among many countries to suspend freedom of information requests.

Digital rights, and rights to privacy and freedom of expression on the internet have all faced serious limitations and breaches in South-East and Central Europe. In the semi-democracies of the region, dominated by regimes with elements of authoritarianism, there is legitimate concern about disproportionate interference in citizens’ personal data and concern that recently-imposed measures are not properly tailored to achieve their objectives while causing the least possible damage to guaranteed rights.

Many people’s lives during this period have completely shifted to the online world, where harmful behaviour usually remains unnoticed by authorities preoccupied by offline violations.

During BIRN’s monitoring period, the lack of a human rights-based approach towards people in the digital environment led to discrimination, hate speech and threats. Although protection of basic human rights and fundamental freedoms should be guaranteed on the internet in the same way as it is offline, in practice we have seen an increase in the number of cases of online violations. The forms that those violations take have been evolving as well.

A lack of knowledge and understanding of the online space, and the subsequent lack of internet governance have opened a Pandora’s Box, allowing various state institutions to arbitrarily, partially and unequally interpret people’s online behaviour.

The intense nature of the battle for control of the narrative about the coronavirus has made meaningful oversight of online life and practices, and establishing accountability for online actions, harder than ever.

To read the detailed overview of our digital rights monitoring click here. For individual cases, check our regional database, developed together with the SHARE Foundation.

Romania: From ‘Hackerville’ to Cybersecurity Powerhouse

Posted on by BIRD

First there was Guccifer, real name Marcel Lazar Lehel, who hacked the email accounts of the Bush family in the United States; then came Hackerville, the moniker given to the town of Ramnicu Sarat due to the international cybergangs it was home to.

Fairly or not, hackers put Romania on the global online map, honing their skills to strike Internet users and companies in the West, particularly the US.

But today, 30 years since the fall of communism, IT and cybersecurity firms are looking to tap the same rich vein of ambition, ingenuity and education that made Romanian hackers so feared and famous.

“Romania is currently one of the largest pools of talent in the IT&C space,” said Bogdan Botezatu, senior e-threats analyst at Romanian antivirus and cybersecurity giant Bitdefender. 

“Based on our tradition in STAMP [Software Testing Amplification] and research, universities deliver engineers, reverse engineers, people who are highly skilled in IT.”

Romania, he said, is already internationally recognised in the field of cybersecurity, and has the potential to play an even greater role.

Made in Romania – a global leader in cybersecurity

Bitdefender is one of the global leaders in cybersecurity, with more than 500 million customers worldwide and a network of research labs in Romania – the largest such network in Europe – to combat online threats.

Some 40 per cent of the antivirus and digital security companies on the market currently use at least one technology developed by Bitdefender. Such success is unparalleled in Romania, a European Union member state where almost no other company has a significant international footprint.

From Bucharest and other Romanian cities, Bitdefender’s experts have led or participated in operations to halt some of the most damaging cyber attacks the world has seen in recent years. 

In 2018, Bitdefender partnered with Europol, Interpol, the FBI and police in a number of EU countries to take down a group of hackers – believed to be from Russia – behind a ransomware called GandCrab. The inventors of the malware sold it on to other hackers who used it against private and corporate users.


View of the Bitdefender’s central headquarters in Bucharest. Photo: BIRN

“It became such a large phenomenon that half of the ransomware attacks happening at that moment were caused by GandCrab,” Botezatu told BIRN. 

“We managed to decrypt [the computers of] 60,000 victims, saving the victims around 70 million dollars.”

Despite its unusual level of sophistication, GandCrab was created as a way for the private individuals behind it to steal other people’s money.

Another type of cyberthreat, however, is state-sponsored and is known among experts as Advanced Persistent Threats, or APTs. 

The goal in this case is to undermine the functioning of key strategic foreign infrastructures or steal secret information from other states. That was the purpose of NotPetya, or GoldenEye, which emerged in 2017 as the work of hackers suspected to have been working for the Kremlin.

These hackers infected the update servers of an accountancy product widely used in the Ukrainian state administration. Everytime a Ukrainian public servant updated the program, the virus entered his or her computer and encrypted all its files. 

The virus had a worm component and quickly contaminated the entire networks to which infected computers were connected, bringing, for example, the Kiev metro to a halt and shutting down at least one airport, several banks and the radiation monitoring system at Chernobyl.

It spread globally, including to Romania, where Bitdefender took charge of the preliminary investigation that led to the identification of the virus after its researchers identified a pattern in the threats suffered by many users of their antivirus products. 

‘You can’t trace them back’

Like the rest of the former Soviet bloc, Romania spent more than four decades under communism, when education placed a premium on scientific and technological training. 

That expertise – and a resourcefulness developed under communism and during the painful transition to capitalism and democracy after 1989 – is now at the disposal of the EU and NATO as they try to combat cyber threats from Russia and other countries vying for a geopolitical upper hand.

And the Romanian state is doing its bit too, via bodies like the Romanian Information Service, SRI, an intelligence agency that took part in investigations that led to the 2018 exposure of Russian state involvement in a cyber espionage and warfare group called Fancy Bear. 

Also known as Sofacy or APT28, Fancy Bear targeted governments and civil society organisations in countries including the Netherlands, Britain, Germany, Romania and the US.


Bogdan Botezatu from Bitdefender. Photo: BIRN

Botezatu said the fact that the infections happened between 9 a.m. and 5 p.m. Moscow Standard Time led investigators to conclude they were being launched from government offices, said Botezatu of Bitdefender, which uncovered the campaign in 2015.

“Behind these kinds of attacks there is a country, and particularly the intelligence community of that country,” said General Anton Rog, head of SRI’s Cyberint centre.

“Of course, governments don’t act directly; through their intelligence services, they infiltrate or create these cybercrimes groups in a way that you can’t trace them back to say that they work with an information service.”

Most APT attacks, Rog told BIRN, are mounted in order to steal sensitive information. “It is a modality of espionage,” he said, “but through cables and cybernetic tools.” 

SRI’s Cyberint centre relies on tip-offs from foreign agencies, technology that recognises abnormal online activity and cyber informers.

Hybrid attacks

Sometimes the dividing line between financial-motivated attacks and APTs becomes blurred, as in the case of the malware family known as Cobalt Strike.

Cobalt Strike was used by the so-called Carbanak group from Russia and Ukraine to extract more than one billion euros from around 100 banks in over 40 countries, including Romania.

“The technology used is [characteristic of an] APT, but the motivation is strictly financial,” said Botezatu. 

Bitdefender conducted ‘post-mortems’ at two of the affected banks. Botezatu said the malware was “extremely sophisticated”, managing even to access the banks’ payment systems.

“With that level of access, the nefarious individuals authorise fraudulent bank transfers, raise the balance of mule accounts or command affected ATMs to spit out the money for them,” Europol said in a statement on the arrest in Spain of alleged Carbanak leader ‘Denis K’ in a 2018 operation that Romania took part in.

“Our suspicion is that… these attacks are used to make money to sponsor strategic attacks,” said SRI’s Rog. “In our evaluation, we take into account the fact that these groups have members who are in contact with governments or information communities,” he told BIRN, noting the costs and human and technical resources needed to develop malware like Cobalt Strike.

“They [governments] don’t want to spend money from their budget, they want to steal money from other countries and sponsor strategic attacks with it,” Rog said.

Strong cybersecurity “ecosystem”

To strengthen security at home and boost Romania’s role in the global cybersecurity game, SRI’s Cyberint centre says it is trying to create “an ecosystem” already being nurtured by courses offered by Cyberint at several universities across the country.

Likewise, Bitdefender partners with universities and high schools in training the next generation.

They may be people like Alexandru Coltuneac, a White Hat Hacker so called because of his transition from developing an Internet virus as a teenager to using his self-taught skills to help giants like Google, Facebook, PayPal, Microsoft and Adobe test their product security.

“I have set myself a target,” Coltuneac told BIRN. “I want to find at least one vulnerability in a product of each big company.”

Coltuneac, who is one of a number of Romanian White Hat Hackers recognised by Google and other companies as stars of ‘bug hunting’, now runs his own company together with a colleague.

Called LooseByte, the firm offers businesses cybersecurity tests and services to improve their protection levels.

Coltuneac said he finds pleasure in outsmarting the world’s best professionals.

“It’s a way of doing hacking without harming anyone,” he said.

BIRD Community

Are you a professional journalist or a media worker looking for an easily searchable and comprehensive database and interested in safely (re)connecting with more than thousands of colleagues from Southeastern and Central Europe?

We created BIRD Community, a place where you can have it all!

Join Now