Misli o RATEL-u, Uputstvu, Zakonu i Ustavu…
Posted by Saša Bodiroža | Filed under Freedom, Privacy, Security, Thoughts, internet
Dakle, jutros je okačeno famozno Uputstvo, za koje je čuo ceo domaći Internet. Nakon razgovora sa Danicom o ovoj temi, delova Ustava i Zakona o telekomunikacijama, koje sam pročitao na Svakodnevnici i SSpin-ovog komentara na istom postu, malo sam razmišljao o svemu ovome. Ustav je najviši državni akt, i svi Zakoni, Odredbe i ostale stvari treba da budu u skladu sa njim. Daleko sam od pravnika, ali da pokušam da izlažim meni logično obrazloženje. Član 41. i 42. Ustava kažu:
Tajnost pisama i drugih sredstava opštenja
Član 41.
Tajnost pisama i drugih sredstava komuniciranja je nepovrediva.
Odstupanja su dozvoljena samo na određeno vreme i na osnovu odluke suda, ako su neophodna radi vođenja krivičnog postupka ili zaštite bezbednosti Republike Srbije, na način predviđen zakonom.Zaštita podataka o ličnosti
Član 42.Zajemčena je zaštita podataka o ličnosti.
Prikupljanje, držanje, obrada i korišćenje podataka o ličnosti uređuju se zakonom.
Zabranjena je i kažnjiva upotreba podataka o ličnosti izvan svrhe za koju su prikupljeni, u skladu sa zakonom, osim za potrebe vođenja krivičnog postupka ili zaštite bezbednosti Republike Srbije, na način predviđen zakonom.
Svako ima pravo da bude obavešten o prikupljenim podacima o svojoj ličnosti, u skladu sa zakonom, i pravo na sudsku zaštitu zbog njihove zloupotrebe.
Dakle, Ustav definiše kada sme da se odstupi od navedenih članova.
Član 55. Zakona o telekomunikacijama, na koji se poziva Uputstvo, kaže:
Javni telekomunikacioni operator je dužan da kao deo sistema, o sopstvenom trošku, oformi podsisteme, uređaje, opremu i instalacije za zakonom ovlašćeni elektronski nadzor određenih telekomunikacija.
Njime se poručuje da je potrebno da operater omogući nadzor korisnika.
Uputstvo, koje se poziva na član 55. Zakona o telekomunikacijama, a trebalo bi da je u skladu sa Ustavom, samo definiše kako se sprovodi elektronski nadzor. I kaže ovo:
Javni telekomunikacioni operator obavezuje se da na zahtev nadležnog državnog organa dostavi podatke o svim komunikacionim sredstvima koja su se pojavljivala na određenoj geografskoj, fizičkoj ili logičkoj lokaciji u minimalnom periodu od poslednjih 48 časova, nezavisno od postojanja telekomunikacione aktivnosti.
Pružalac Internet usluga je dužan da nadležnim državnim organima omogući pristup ažurnoj bazi podataka o pretplatnicima i periodično na zahtev dostavlja eksportovanu bazu podataka u formatu dogovorenom sa nadležnim državnim organima.
Spominje se da na zahtev mora da se omogući pristup podacima. Ima delova gde to nije eksplicitno navedeno, što je možda loše. Ali, ako se Uputstvo oslanja na Ustav, onda bi trebalo da je zabranjen pristup informacijama bez zahteva suda, ili kad nije ugrožena bezbednost Republike Srbije.
To jest, Uputstvom se dozvoljava neograničen pristup informacijama, ali se taj pristup Ustavom i Zakonom o telekomunikacijama ograničava na specijalne slučajeve. Na primer, ako se počini krivično delo 1. januara, a zahtev suda se izda 1. februara, onda bi provajder dostavio traženu komunikaciju od 1. januara do određenog datuma. Moguće je da zato moraju da prate sve podatke. Tako nešto mi deluje razumno.
Voleo bih ako bi ovo pročitao neki pravnik, koji bi mogao da da svoje tumačenje. Možda je ovo tačno, a možda je i samo moj pokušaj samoubeđivanja da je sve u redu…
U svakom slučaju, zdrava doza paranoje nije na odmet ;). Enkriptujte vaše poruke, razgovore preko IM-ova, i tako te stvari… Čisto radi vaše sigurnosti.
Tags: internet, nadzor, privatnost, ratel, sigurnost, telekomunikacije, uputstvo, ustav, zakon
RATEL’s new law and our privacy
Posted by Saša Bodiroža | Filed under Freedom, Privacy, Security, internet
Serbia’s Republic Agency for Telecommunications (RATEL), published the instructions (text in Serbian) on Internet traffic interception and redirection. Basically, it allows Serbian government to read each and every bit of our communication, including HTTP, VoIP, e-mail and IM protocol. It’s not that I have something to hide, it’s just that it’s serious violation of my privacy. And I don’t really like that.
Update: I think I overreacted a bit in my comment. This legal act is not supposed to talk about violation of privacy. Violation of privacy is forbidden by the Serbian Telecommunication law, and Serbian Constitution. The whole purpose of this legal act, as I see it, is to amend element 55. of Telecommunication law.
Another comment can be found here (in Serbian).
Since we can’t change the law immediately, the least we can do is to protect our privacy. We can use encryption methods to encrypt our communication. Here are few advices:
There are web servers that support HTTPS protocol. If you start with HTTP, your browser won’t transfer to HTTPS if it’s possible. So, I advise you to try HTTPS, maybe destination server has support for it. For example, most people will type in facebook.com, which will take them to www.facebook.com, using HTTP. Instead, try typing in https://www.facebook.com. If you’re using Firefox, you’ll notice that the icon next to the address bar is blue. If you click on it, it will inform you that your connection is secured. It should be harder to eavesdrop your connection with www.facebook.com, since it needs to be decrypted first.
Encrypt your e-mails
System of GPG public and secret keys enables to encrypt and decrypt content you need to securely pass to another person. It is possible to use it with e-mails. You need to install GPG software, set it up and generate you public/secret key pair. Then you need to install Enigmail extension if you’re using Thunderbird, or FireGPG if you’re using Gmail’s web interface. For Outlook, GPGol module should work.
Setting up Thunderbird and Enigmail
How to install GPG, and generate public/secret key pair on Linux can be found here. After that is finished, download and install Enigmail. How to install GPG, generate public/secret keypair and install Enigmail on Windows can be found here.
Setting up FireGPG in Gmail.
Just follow the instructions provided on FireGPG download page.
Setting up Outlook
Follow the instructions provided here. It should work with GPGol module, but I can’t test it. I don’t have Windows, nor Outlook.
Encrypt your IM conversations
Update: A list of IM clients that support OTR messaging can be found in Wikipedia’s article about OTR. If you don’t have or don’t like pidgin, you’re free to use something else.
Pidgin, a cross-platform, multi-protocol instant messenger client, has the capability of encryption of instant messages, using Off-the-Record plugin. If you still don’t use Pidgin, I would advise you to install it.
If you’re using Linux, I’m sure you can install it through your package manager. For Debian-based systems, search for pidgin package. Also, OTR plugin is available in pidgin-otr package in Ubuntu gutsy and later, and in Debian testing and unstable.
If you’re using Windows, download the installer from here. It’s easy to setup OTR after, and the instructions can be found here.
After you installed Pidgin, start it and go to Tools -> Extensions. Locate Off-the-Record plugin and enable it. Click on configure button. For each account in the list click Generate, and select Enable private messaging and Automatically initiate private messaging.
Note to some of my friends that use MSN: What do you care more about: your privacy, or animated smilies ;)?
At the end…
This short tutorial doesn’t cover all protocols… If you know something more, please post a comment and I’ll put it in this post. Thanks.
If you have any questions, post them in the comments, and I (or someone else) will try to answer them.
Tags: decryption, e-mail, encryption, gpg, how to, howto, http, https, im, interception, internet, Privacy, ratel, redirection, Security, traffic, web
