Serbian Telecom Agency publishes Internet traffic interception rules

By EDRi · July 30, 2008

Serbia’s Republic Agency for Telecommunications (RATEL) published on 21 July
2008 a document of Instructions for Technical Requirements for Subsystems,
Devices, Hardware and Installation of Internet Networks. The document
explains the technical requirements for authorized monitoring of some
telecom services and provides a list of obligations for the telecom
operators.

According with the present text, the ISPs will have to let the police access
their databases, including users’ e-mail content or browsing history. This
regulation seems to be the Serbian version of the data retention directive,
since the scope is defined as fighting cyber crime and terrorism.

Danica Radovanovic explains on his blog at GlobalVoices what are the present
requirements: “Internet Service Providers (ISP) are obligated to enable
governmental bodies to access updated databases with personal data on users,
contracts, maximum speed of data transfer, identification addresses as well
as access to database about email users. ISPs are also obligated to provide
hardware and software for passive monitoring in real time, collecting and
analysing Internet activities, statistics, interception of email,
attachments, web mail, IP video traffic, phone traffic, interception of IM
traffic, peer-to-peer networks, service of email and forwarding the email
content towards the centre of governmental bodies for supervision. Technical
requirements (hardware and software) should enable reconstruction of traffic
interception up to the level of application and filtering within these
criteria: user name, user phone number, email address, IP address, MAC
address, IM identification.”

So far it is not clear what are the specific institutions that could access
those data and under what circumstances, since the document made available
by RATEL includes only the technical requirements. According to a
declaration made for B92 by RATEL chairman Jovan Radunovic: “If they (state
institutions) get a court order then they can monitor the location that one
uses the internet from, and only then they can view the content. These rules
are not under RATEL’s jurisdiction. RATEL has, in order to provide
protection from terrorism, enabled the state organs to do this. We expect
they will respect all privacy rules”

Serbia: New Instructions and Law Regulations on Online Privacy (26.07.2008)
http://globalvoicesonline.org/2008/07/26/serbia-new-instructions-and-law-regulations-on-online-privacy/

State to have access to e-mails, browsing history (28.07.2008)
http://www.b92.net/eng/news/society-article.php?yyyy=2008&mm=07&dd=28&nav_id=52260

RATEL’s new law and our privacy (25.07.2008)
http://www.jazzva.com/2008/07/25/ratels-new-law-and-our-privacy/

Document of Instructions for Technical Requirements for Subsystems, Devices,
Hardware and Installation of Internet Networks (only in Serbian, 21.07.2008)
http://www.ratel.org.rs/editor_files/File/dozvole/uputstva/Tehnicki_uslovi_za_internet.pdf