Removal of privacy only at the request of the Ministry of Internal Affairs and Anti-Terrorism – Everything that the surveillance bill provides

Major changes in the way the EYP operates, both in the organization and in the context of its operation, and new rules regarding the lifting of confidentiality are brought about by the bill that entered public consultation yesterday, under the title “Procedure for lifting the confidentiality of communications , cyber security and privacy
citizen data”.

Secrecy, as provided for in the Constitution, is lifted for reasons of national security or for the investigation of particularly serious crimes by decision of a judicial authority. The purpose of the bill is to modernize the process of removing the privacy of communications by ensuring all the required guarantees, the restructuring of the EYP to optimize its action, the criminal treatment of the trading, possession and use of surveillance software, the organic and functional upgrading of level of cybersecurity in the country and the optimal integration into national law of the Directive for the protection of natural persons against the processing of personal data.

With the existing framework, any public authority could submit a declassification request for reasons of national security. Now, with the framework proposed by the bill, only the EYP and the Anti-Terrorist Service (Department for Combating Special Violent Crimes of the Hellenic Police, “DAEEB”) can request such a request. In order to lift the secrecy for reasons of national security, a request from the Ministry of Defense or Anti-Terrorism is required, for the request to be judged by the internal prosecutor of the service and for there to be a decision of the vice-prosecutor of the Supreme Court – that is, the judgment is repeated also by a second prosecutor who had abolished in 2018.

Unprivilege for political figures

To date, there is no special procedure for political persons and the usual procedure is followed. After connecting to the phone of PASOK president Nikos Andorylakis, it turned out that there should be special safety valves. The bill establishes a triple filter of guarantees: a) the process is expedited only by the EYP, b) the President of the Parliament must give permission before the double prosecutorial crisis and c) the request for the removal must be based on specific elements that make immediate and highly probable jeopardy of national security.

In fact, the bill provides that “Political persons” are considered to be the President of the Republic, the members of the government and the deputy ministers, the members of the national and European parliaments, the leaders of the political parties represented in the national and European parliaments and the highest single-person bodies of OTA A and B grade.

Until 2021, it could be updated at the discretion of the deciding body, only if the purpose for which the removal was ordered was not compromised. Since then information was not possible when it came to national security reasons (but it was possible for removals to verify crimes). This issue is extremely complex because it must combine rights but also the effectiveness of the service when it comes to high-level risks. The bill proposes to inform the subject provided that the purpose for which the removal was ordered is not jeopardized and after the lapse of 3 years from its cessation. Three years is considered a reasonable time and follows foreign practices, so that there is a distance from events of the highest national security (such as in this case the events of Evros and the spying of Rhodes in 2020). The notification is decided by a three-member body made up of the competent prosecutor, the administrator of the EYP or the director of the DAEEB and the president of the ADAE.

Until today, the destruction of the files is foreseen but without specific time frames and specific procedures. Now the relevant procedure is standardized. As for the content of the tracking, automatic deletion is foreseen in principle after 6 months from the cessation of removal. As for the file with the documentation material for the removal, it is planned to be destroyed in principle after 10 years from the end of the removal. In addition, the possibility of complete digitization of the file is provided for easy search and greater security.

The bill, which will remain in public consultation until November 22, also provides for the categories of offenses for which confidentiality may be lifted. Until now the list was extremely broad and included felonies and misdemeanors of the criminal code and special criminal laws. This list is rationalized to include, in principle, all felonies, and from the misdemeanors only those that carry particular disrepute (eg against minors, arson, criminal gang) by removing most special laws. For example, removal cannot be ordered for simple theft or fraud.

The procedure by which the removal of confidentiality is ordered does not change. The removal is imposed by the will of the Council of Appeals or Misdemeanors at the request of the public prosecutor or the investigator. Only in extremely urgent cases, the removal can be ordered by the prosecutor and the investigator who are then required to introduce the matter with a relevant application to the Council within a period of 3 days.

According to the provisions of the bill, there should be a special prosecutor in the Ministry of Internal Affairs and Anti-Terrorism, as this is considered to strengthen the specialization of persons and the sealing of information. In any case, a second prosecutor is required for the removal of secrecy due to national security so that the system does not function institutionally. For the same reason, the terms of office of field prosecutors are three-year non-renewable (while to date the term of office of the anti-terrorist prosecutor can be renewed).

The possession, marketing, distribution and use of prohibited software

Until 2019, illegal wiretapping was a felony punishable by up to 10 years in prison, while possession and sale of illegal software was a misdemeanor punishable by up to 2 years in prison. A few days before the dissolution of the Parliament for the 2019 elections and while SYRIZA was aware of the existence of illegal software in Greece, the Criminal Code was incomprehensible changed with the result that wiretapping is now punishable by imprisonment from 10 days to 5 years, while possession and trafficking was decriminalized. With the proposed provisions, the felony for the use of illegal software and devices and the misdemeanor of trading and possession with a penalty of 1-5 years are reinstated.

Prohibited software or monitoring devices are considered software or devices with the ability to intercept, record and extract any kind of content or communication data (movement and location), which are determined by a decision of the Governor of the EYP that will be published within 3 days of the law coming into force . The list of prohibited software or monitoring devices is updated by decision of the Governor of EYP no later than every 6 months. In addition, the public is informed about the prohibited software, their mode of action and the protective measures they can take against them, with an announcement by the Governor of the EYP, which is posted on the website of the Service.

The public will be able to procure spy software under conditions that will be determined by a presidential decree of the co-competent ministers, which will have received the prescribed processing of the Council of State.

What is changing in the management of the EYP?

To date the commander and deputy commanders may come from the public or private sector. With the proposed bill, a person from the diplomatic corps or a retired high-ranking officer is designated as Governor. Deputy governors can be some of the above, as well as employees and functionaries of the public and the wider public sector. In addition, the number of deputy commanders is reduced from the current 3 to 2.

Regarding the organization of the EYP, 3 new structures are added. a) The Academy of Information and Counter-espionage with the mission of training, training and specialization of the staff of the EYP for the more efficient performance of their duties. b) The Internal Audit Unit, which is responsible, among other things, for the internal audit of the EYP. c) The Press and Communication Office, with responsibility for promoting the work of the service and for informing society about its actions and about any risks to national security.

In the operation of the EYP, the Information Security Authority (INFOSEC) of the EYP becomes responsible for drafting security policies and instructions for the management of classified information in all the networks and areas of the Presidency of the Government and the Ministries in cooperation with them, as well as for constantly updating them on issues security. Secondly, the possibility of secret contracts at the Center for Technological Support, Development and Innovation (KE.TY.A.K.) is abolished.

The bill, according to the government, strengthens the country’s cyber security level as well the fragmentation of cybersecurity structures in the country is considered an important problem. For this reason, a Coordinating Committee for Cyber ​​Security issues is established, which functions as a coordinating body between: a) the General Directorate of Cyber ​​Security of the General Secretariat of Telecommunications and Posts of the Ministry of Digital Governance, which has been designated as the National Cyber ​​Security Authority, b) the Cyber ​​Defense Directorate of GEETHA, which has been designated as the competent response team for incidents related to computer security, c) the Directorate of Cyberspace of the EYP as a team to deal with electronic attacks (National CERT) and d) the Hellenic Police. The responsibilities of the Committee are: a) to provide directions in the event of an extraordinary incident involving a strategic risk, b) to coordinate, monitor and evaluate the implementation of the National Cyber ​​Security Strategy, c) to approve the National Emergency Plan, d) to recommend to the KY.S.E.A. any issue related to Cybersecurity and e) to resolve any disputes regarding the competences and roles of Cybersecurity entities.

According to the bill, the National Cybersecurity Authority in collaboration with the Directorate of Cyberspace of the EYP, the Directorate of Cyber ​​Defense of the Hellenic Police and any other competent body, prepares a National Risk Assessment Plan for Information Technology and Communications Systems, which is classified according to the National Security Regulation. The Plan includes the identification, analysis and assessment of risks and their effects on the security of information technology and communications systems at the national level. For the preparation of the Plan, every category of potential threat is taken into account, and in particular threats related to malicious actions, natural phenomena, technical failures, malfunctions or human errors, in order to assess the extent and criticality of the effects of these threats at the national level. In addition, the National Cybersecurity Authority and the Cyberspace Directorate ensure the monitoring of known threats and vulnerabilities of information and communication systems and the provision of information about them.

See the bill here

Read the News today and get the latest news.
Follow Skai.gr on Google News and be the first to know all the news.