General Dumitru Dumbravă, of the Romanian Intelligence Service (SRI), had a meeting last week with the Technology of Information and Communications Commission of the Chamber of Deputies. During this meeting, he explained SRI’s position on how the Internet should be regulated in Romania and detailing why SRI has now decided to propose the draft law on cyber security.
According to General Dumbravă, the virtual reality in which we currently live has no more patience for lengthy debates in the Parliament. According to General Dumbravă, "Every second there are eight new Internet users and 18 victims of various Internet frauds. Every 24 hours, 250,000 malicious codes are written. A Trojan virus can infect 1.2 billion PCs today. We can be patient, but the objective and virtual reality is not patient with us. How many victims were there in all the seconds that have passed in the two weeks that we’ve been talking about this law?"
The draft law on cyber security allows computer searches to be performed even if the person concerned has not committed any criminal offense and without the authorization of a judge being needed. The adoption of this draft law would mean that people who do not commit crimes suddenly have fewer rights and safeguards than before - fewer, perhaps, than those who commit crimes. In other words, the law wants logic and common sense to be replaced with permanent surveillance by the Intelligence Service.
The head of SRI stated that it is normal for SRI to have access to login data from infected computers, at any point, as these computers can be used in cyber crime without the user knowing it (due to virus infection). General Dumbravă added that he does not see the authorization of a judge as essential because "if you go to have your computer fixed, you do not first go to the judge to ask for permission for the computer technician to open your computer."
Vasile Oajdea, MP from PP-DD: "What you are proposing sounds like a kind of rape"
When he heard General Dumbravă’s statements, Vasile Oajdea, Member of the Parliament (MP) from the People's Party – Dan Diaconescu and Chairman of the IT Commission, stated:
"When one goes to fix a computer, risks are assumed. Every person has the right to do as they want with a personal computer; it's different when somebody else tries to have access to it by force. What you are proposing sounds like a kind of rape. Why don’t you go on the street right now and ask a girl if she agrees to allow you to do a checkup on her?”
Florin Cosmoiu, the representative of Cyberint SRI, explained to MPs that close surveillance of private computers also contributes to Romania’s reputation in the world: "Many computers and infrastructures of private entities, which are not of national interest, are infected and used, without owners’ permission, for cyber attacks targeting Romania or other countries. The law provides for a number of measures that create obligations for users, who have to remove infections from their computers when they are identified."
Ion Diniţă, MP from PC: "After India, Romania has the people most gifted by God with the intelligence necessary to work with computers"
The views of the Commission’s members ranged from completely agreeing with the need to regulate the Internet to criticizing SRI’s claims. Ion Diniţă, MP from the Conservative Party, finding out that Romania's reputation is "affected by cyber crime," insisted that the law should be adopted in order to prevent negative elements from using the Internet and affecting the country’s image. This should be done because "after India, Romania has the people most gifted by God with the intelligence necessary to work with computers, and in such conditions we need good laws in order to promote only what's good, because the bad, you know how it goes."
The representatives of APADOR-CH, ApTI and Active Watch, who also attended the meeting, proposed amendments for the draft law (Amendments to the Draft Law on Cyber Security). They showed that, although facing the same cyber threats as Romania, most other EU countries have preferred more conservative approaches in their strategies on cyber security and have chosen not to adopt legislation regarding the use of the Internet. Civil society asked that the draft law not be adopted, at least until a European Directive is issued on the matter. Most Romanian MPs, in unison with SRI’s representatives, said that they do not need to wait for guidance from Brussels and insisted that they have enough specialists to formulate and promulgate a sound cyber security law.
General Dumbravă, SRI: "Let’s protect the Internet, which belongs to all of us and not to the Romanian state"
To better understand the need for this law, General Dumbravă compared using the Internet to driving cars: "Imagine that the Internet is a system of roads where we have state-owned cars - fire fighters, military, police – and also cars of private individuals. What would it be like if the Road Code would only be enforceable against state institutions because private individuals have bought cars with their own money, and are therefore allowed to crash into fire trucks and ambulances? Obviously, private individuals do not have the same obligations as state institutions; however, when you enter a public road, or the Internet, you do have some obligations. Let’s protect the Internet, which belongs to all of us and not to the Romanian state. [...] I do not see anything wrong with regulating a little bit an area that is currently somewhat anarchic; if we look now as we did at the beginning of the century, we would still be using horse carriages. We are now driving in safe conditions, but, I repeat, this is only because our car owners have the obligation to have technical inspections done every two years, repairs also; it bothers me that I have to pay for this, but if it is for safety reasons ... I register my car because it is nice to know who's behind the wheel."
Daniel Iane, MP from the National Liberal Party (PNL), said, "The Internet was an invention of civilians. The Internet is not ARPANET [the military network created by DARPA, the predecessor of the Internet], the roads do not belong to the military but to civilians. The army has entered our roads and this is the difference. I understand what you are trying to say and I have told you that I believe in … regulations regarding not the Internet, but the way it is being used by both civilians and state institutions. Secondly, if you permit me, let us be the ones who do politics and make political statements. You are invited here as a specialist, we pay you, we interrogate you, and you answer, but you do not make judgments."
Mr. Iane insisted on finding out from SRI’s representatives whether this draft law has been proposed due to some emergency situation, due to imminent threats, or if it is part of a long-term agenda of SRI.
- Daniel Iane: "I understand that there are some major threats for us as a country. Can you tell us what these threats are, or these are only preventive measures we need to take in order to avoid problems? Since you initiated the law, how imminent is the threat?"
- Florin Cosmoiu, representative of Cyberint SRI: "Cyber threats have existed for many years, the issue of cyber security is at the level of CSAT since 2006. The issue is there and all aspects have been presented to decision makers; this is how it came to this strategy and to the need for the approval of this law by the Parliament."
- Daniel Iane: "So it's a matter of agenda?"
- Florin Cosmoiu: "It is, and we strongly support it!"
The Committee’s meeting was concluded by Chairman Vasile Oajdea, who promised that MPs will vote on the amendments proposed by civil society, and the law will follow the proper legislative process and will become "a good, rational law, which will not abuse the citizens’ intimacy."