New proposed legislation on cyber security designed to expand the powers of the National Security Office (NBU) carries several risks, goes beyond the scope of European legislation and should be preceded by additional expert discussion, the IT Association of Slovakia (ITAS) stated on Monday. It has thus joined the rising tide of calls by NGOs, including Slovensko.Digital and the Let's Stop Corruption foundation, for the withdrawal of the bill. "Based on this bill, the blocking of so-called malicious content or malicious activities that might cause a security incident could be done without the prior permission of a court and based on nothing but the sole decision of the NBU. We don't know, however, who will be tasked with systematic supervision over the NBU's activities, nor how the state plans to address the potential economic damage caused in this way," warned ITAS.
In addition, the NBU could order and receive some information about network and information systems and decide to ban the use of certain products, processes or services. Although the list of banned technologies will be public and with the option to attach comments, in practice these could simply be ignored by the NBU. "This will de facto become the introduction of a new manner of across-the-board surveillance. Without any proper supervision, noticeably absent in the bill, we consider this to be a dangerous tool that might be abused to target investigative journalists and watchdog organisations, as well as corruption whistleblowers and other groups of citizens," said Zuzana Petková of Let's Stop Corruption.
Slovensko.Digital pointed out that during the drafting of the bill, the NBU ignored critical comments to such a large extent that the material was submitted to the Government with 91 unaddressed fundamental complaints. Slovensko.Digital pointed out that a number of institutes currently exist that deal with cybernetic security, and the bill has failed to explain the necessity of introducing new measures.