The Romanian Secret Service (SRI) is granted European funding in order to acquire software and hardware for “consolidating and assuring interoperability between information systems”. In translation this means a mass surveillance project where SRI and other public institutions would potentially have unlimited access to personal data collected and integrated in a large scale Big Brother system.
The bid was successful under Pillar 2 – OS 2.3. Increasing eGovernment systems usage, operation 2.3.1. “Consolidating and assuring interoperability of information systems dedicated to 2.0 eGorvenment services concentrated on events in citizens’ life and enterprises, cloud development”. The 184 page project was submitted one day after the call was publicly announced and it was rapidly approved despite the fact that it violates Articles 7 and 8 of the Charter of Fundamental Rights of the European Union, namely the rights to privacy and to personal data protection.
The project is being promoted as to develop eGorvenment services, for detecting and preventing fraud and for increasing government efficiency. However, as the technical specifications of the project show, one of its declared purposes is to acquire hardware and software for Internet traffic interception from instant messaging apps or other similar electronic communications programmes. Therefore, the project clearly derails from the current legal framework for interceptions, as provided by the Criminal Procedure Code, where interceptions can only be authorized by a judge.
The project also aims at aggregating data sets from all major public institutions and at allowing advanced search in order to permit inquiring any type of information about any citizen or resident. Entitled SII Analytics, the project includes a chapter on behaviour analysis, therefore the system will be able to correlate information from databases as well as other public information (such as Facebook account information) and create individual profiles. Moreover, under the disguised motivation of “preventing fraud”, the system will have facial recognition features and it will include a database of approximately 50-60 million images (passport or identity card photos) to which SRI will have unlimited access.
Therefore, contrary to the project’s description, the system is nothing more than a massive tool for spying on citizen’s private life. The project does not include any limitation regarding access to the information, nor does it establish a mechanism to ensure an effective control of the system and of the approximately 1000 people authorized to access it. There is no requirement to notify the data subject or to ask for consent. Therefore, the level for potential abuses remains very high since there is no transparency and no guarantees to limit misuse.
ApTI and 3 other NGOs sent a letter to both national and European officials urging for the public procurement process to be stopped. At the same time, the signatories signal the necessity of introducing as a necessary requirement for accessing European funds the interdiction to use such funding for violating or limiting human rights. At a national level, the signatories also highlight the need for a public debate on the role of the SRI in the Romanian society and regarding the guarantees for avoiding abuses and increasing institutional transparency.