Parliament passed with its first reading on May 29 package of legislative amendments, increasing oversight mechanisms over government surveillance practices, but the proposal leaves security agencies’ unrestricted capabilities of direct access to telecommunications service providers’ networks unaddressed.

The Parliament originally planned adoption of the package with its first reading on May 16, but had to delay it because of lack of quorum.

According to the bill, lawmakers will have a deadline till November 1, 2014 to elaborate a mechanism to address a long-standing problem of security agencies’ ‘black box’ spy devices in telecommunications service providers’ networks, which give the Interior Ministry unrestricted access to servers allowing them to monitor reportedly over twenty thousand mobile phone numbers simultaneously – the main source of persisting concerns over government’s illegal surveillance practices.

Initial draft of legislative amendments envisaged a clause depriving security agencies this direct access to telecommunication companies’ servers. According to that clause, after obtaining court order, authorizing eavesdropping, law enforcement agencies should have carried out surveillance and obtained requested data only from telecommunications service providers. The Interior Ministry was strongly against this clause, arguing that notifying operators should not be required as it will increase risk of leaking sensitive information and undermining operative activities of the law enforcement agencies.

This clause was removed from the bill; a special commission with the participation of officials from government and parliament, experts and civil society representatives will be established to elaborate a mechanism before November 1 to address this problem.

Civil society organizations, which have been campaigning for adoption of the original bill, criticized Parliament’s decision on removing the disputed clause, but welcomed other parts of the bill, which provide stricter surveillance regulations. Lawmakers from the UNM parliamentary minority group voted for other bills in the package, but criticized decision to delay the issue.
 
Package of bills includes amendments to criminal procedure code; law on personal data protection; law on operative-investigative activities; law on electronic communications, and the Parliament’s regulations. During the May 29 voting MPs unanimously voted for the amendments to these laws except one.  

Proposal sets higher standards of justification required for law enforcement agencies to obtain court warrant on surveillance.

The package of bills also sets data retention regulations. It envisages setting two-year period within which telecommunications service operators will be obliged to retain certain categories of data – it involves records which can identify a caller and date, place, duration and the means of communication, but not the content of the communication itself. No time limit for data retention is set under the existing legislation.

The proposal increases authority of inspector for the protection of personal data.

Currently personal data protection inspector is appointed by the Prime Minister; but after the new regulations go into force, the office will become accountable before the Parliament. PM will have the right to nominate a candidate for personal data protection inspector and it will be up to the Parliament to either approve or decline the nomination. Holder of the office will have the immunity similar to the one enjoyed by a Member of Parliament.

According to the proposal, personal data protection inspector will have the right to carry out inspection of both the state and private entities without the need to notify them about it in advance.

The Parliament is expected to continue discussion of the package with its second reading after the June 15 local elections, when the legislative body returns from recess.