Since March 2, Ukraine has been tracking those who visit banned sites: what are the consequences?
Ukraine has created a “centralized system of automatic blocking of Internet resources” that allows collecting information about users who tried to access “banned” sites, automatically recording and transmitting it to the relevant government agencies.
This was reported by the press service of the Internet Association of Ukraine (IAU).
It is noted that by March 2, Ukrainian Internet providers had to install a system for blocking access to web resources, which automatically downloads a list of Internet addresses for automatic blocking to the provider’s server every 15 minutes from the resource specified in the resource.
“Information about the user who tried to access the “prohibited” resources is automatically recorded and transmitted to the relevant government agencies. And although the system is declared to counteract phishing, it can be used to block an arbitrary number of Internet resources,” the IAU said in a statement.
Also, the IAU sent an appeal to the President of Ukraine, the Secretary of the National Security and Defense Council, the Head of the Security Service of Ukraine, the Chiefs of the General Staff of the Armed Forces and the Defense Intelligence of Ukraine about “unacceptable risks to the national security of Ukraine due to the introduction of the system of automatic blocking of Internet resources.”
The Internet Association of Ukraine noted that it has already twice appealed to the relevant state institutions to cancel the introduction of such a system because it contradicts the current legislation of Ukraine and harms its national interests, but the Order remains in force, and the deadline for its implementation by electronic communications operators expires on March 2.
The Association calls for the abolition or suspension of such actions until a professional assessment of possible threats is made.
The IBA believes that this system actually creates a centralized mechanism for automatically blocking users’ access to an unlimited list of Internet resources: “It is difficult to overestimate the negative consequences for Ukraine if the enemy gains access to this mechanism. Under the pretext of counteracting phishing sites, a powerful threat is being laid, in fact, a “Trojan horse”.”
“Unfortunately, these arguments have not yet been heard, the Order remains in force, and the deadline for its implementation by electronic communications operators expires on March 2. In view of the above, the IAU calls for the immediate cancellation of the Order of 30.01.2023 No. 67/850 or at least suspend its implementation until a professional assessment of possible threats is made with the participation of professional representatives of the electronic communications sector, as well as the development of alternative ways to counteract phishing with an acceptable level of risk. Such mechanisms exist in civilized countries,” the IAU said in a statement.
What is this system?
The National Center for Operational and Technical Management of Telecommunications Networks was established in 2019 as a state institution of the State Special Communications Service. The actual purpose of the center and the reason for its creation are very vague. As stated in the explanation, the center’s competence includes ensuring operational and technical management of public telecommunications networks of all telecommunications operators in emergency situations, state of emergency and martial law.
Thus, according to the order of the National Center for Operational and Technical Management of Telecommunications Networks No. 67/850 dated 30.01.2023 “On the Implementation of the Phishing Domain Filtering System”, Ukrainian Internet providers must install a system for blocking access to web resources by March 2. Such a system automatically downloads a list of Internet addresses for automatic blocking (stop list) to the provider’s server every 15 minutes from the resource specified in the Order.
******
In fact, it is not clear how they will determine whether a website is “phishing” or not. That is, in fact, any site in Ukraine can be called such a site and added to the “stop list”, which will be automatically uploaded to the servers of all providers and the site will simply become inaccessible. And it seems that under the guise of fighting phishing, they just want to get rid of opposition online media… a kind of light version of Roskomnadzor.