Thanks to a generous EU grant, Romania’s controversial intelligence agency is mingling stocks of databases from the country’s public institutions to monitor people. That could hurt many, but in particular those critical to the authorities and their friends.

Imagine this: you go online in your office and with a mere click you find out that some journalists that you don’t like have not paid their tax on income they have generated as freelancers. Next minute you can informally alert the tax office; or, worse, blackmail these journalists and ask them to kill a story on a sensitive topic that can affect you and your friends up in the state administration or elsewhere.

That could happen in Romania in no more than a couple of years as the Romanian Information Service (SRI), the nation’s intelligence agency, is building a system that will allow them to hoard data from all key state authorities and public institutions in the country.

Ironically, all this is being funded with European Union (EU) money. The SRI is using a hefty €31.5m (US$ 35.2m) from the EU to run this project, called SII Analytics. By 2018, the system should be ready to fly.

But what SII Analytics can do is much bigger than blackmailing a journalist. The introduction of SII Analytics has much deeper implications for the nation. The system practically gives the SRI access to troves of information about Romania’s citizens who feature in public authorities databases. Most of them do, unless they have lived deep in the woods for a decade or so.
What can the system do? Experts explain. Tax filings, bank loans, purchases of real estate properties and cars: all of that can be unearthed through a simple search of the Numerical Personal Code (CNP), a number used by Romanian authorities to identify its citizens. Emails and private discussions on Facebook or Skype: the system can monitor that as well.

Big Brother, Carpathian Version

SRI’s plans to build SII Analytics have been slammed by civil society groups, but to no avail. The SRI’s proposal for funding was approved in June 2016 by a department in the country’s communications ministry purposely set up to handle European cash. Last August, the SRI already finalized a tender to select the tech companies that would help them devise this surveillance machinery.

A group of local NGOs led by the Association for Technology and Internet (ApTI), an organization of internet freedom activists, stressed in a letter sent on 8 August 2016 to national and EU officials that the SRI’s plan breaches EU standards on privacy and personal data. The NGOs argued that SRI has no competence in e-government as they filed their proposal.

Moreover, the plan has nothing to do with e-government: surveillance through aggregation of data from a bevy of sources has nothing to do with that, they say. No guarantees have been offered that access to all that data will not be abused. As the system can be accessed through some 750 mobile terminals and an unspecified number of fixed terminals, it means that roughly 1,000 people in SRI and other institutions can use the system without any checks and without people in the street knowing that their lives are looked into.

In late August, SRI responded to all these accusations, but what they said further confirmed that the project was totally outside the e-government area. The SRI’s officials said that this project will bring Romania into the civilized intelligence world.

However, the same month, the local news portal reported that this is only a follow-up phase in a project to integrate the databases of the country’s public institutions. They found out that the SRI had already copied databases from key state institutions such as the interior, finance and justice ministries, the National Bank of Romania (BNR) and the state health insurance agency. Now, it wants to copy more and integrate them all in an intelligent system able to find out fast an immense amount of information more rapidly.

The SRI argues that the new phase of the system, SII Analytics “will help state institutions to better, in a more structured way, faster and with more relevant information analyze the significant quantity of data that it has.” However, they said that special internal filters to prevent use of data for personal purposes will be instituted. They wouldn’t elaborate.
Critics of the system refer to it as a large-scale Romanian Big Brother.

Jemenfoutisme at Its Peak

Bogdan Manolea, the director of ApTI, says that the SII Analytics may allow SRI to rapidly cobble up a wealth of associations about people, businesses and organizations to an unprecedented degree of detail. Employees of some other public institutions will have access to all these data, but it’s unclear in what way they will access the information.

For example, a SRI officer can find out through a simple search what companies, say with a lower number of employees than 50 and with VAT returns higher than a certain amount were incorporated between the years 2010 and 2014, even though SRI has no competence on public prosecution or fiscal checks. It will be up to the SRI officer if he sends this information to competent authorities or decide to do other things with it. 

Or they can identify at a blink of an eye links between bank loans, income declarations and properties and cars purchased over a given period of time. A policeman who stops you in traffic may instantly know that you have bought fours cars so far in your life. Companies close to the SRI can get access to information to blackmail competitors.

In the public space, one can only imagine how the very few critical voices still standing in Romania’s independent journalism can be smothered by some of the SRI’s vigilant agents.

It’s true that through this system corruption cases can also be identified, but the SRI is not obliged to report them to authorities. It has no competence in that area either.

Institutions that are already part of the system such as Romania’s national bank claim that they only offer information to the SRI in specific cases such as suspicions of funds being used for terrorism activities. Fashionable as it is, the terrorism card is heavily played by the SRI itself in defending its investment in the SII Analytics. Yet again, that has nothing to do with e-government as the project has qualified for funding.

But none of the thorny issues raised by internet activists has been settled to date. Undisturbed, the SRI goes ahead with its plan. The company that would devise the system is to be announced shortly. The competitors in the tender for this order include a company founded by Sebastian Ghita, who is a partner of Dumitru Zamfir, a former SRI general, and the Mira Telecom group where Mr Zamfir’s daughter is a partner.

As such, the stakes are high in this EU-indulged game. Unfortunately, nobody seems to care what is really at stake for Romania’s citizen crowd.

Photo: Kieran Lamb