Civil Initiative on Internet Policy Public Foundation (CIIP) is sounding the alarm: Kyrgyzstanis faced with unauthorized access by unknown persons to their conversations, including secret chats and personal photos, in Telegram messenger.
Civil activists welcome the decision of the Prime Minister of Kyrgyzstan Mukammedkaly Abylgaziev to form a state body for protection of personal data of citizens by February 1, 2020.
GIIP has been calling on the government to create such an independent authorized state body for protection of personal data for ten years.
The organization stresses the importance of the initiative right now, when digital transformation in Kyrgyzstan has become a priority: new technologies for provision of public services in digital format are being introduced, our personal data become digital, including biometric data, which inevitably entails the risks of their greater vulnerability and possible leaks.
Our personal data are being increasingly stolen, they become a subject of bargaining, extortion. Cross-border computer crime is growing, the victims of which are citizens, business, government organizations.
«Terrorist and extremist activities carried out through digital communications are intensifying. Programs for secret collection of data from citizens and organizations are gaining unprecedented scales. In late November — early December, a wave of accounts hacks swept across Kyrgyzstan,» the CIIP notes.
Experts found out that attackers gain access to Telegram by intercepting SMS codes received when entering an account from a new device. To hack someone’s account, the attackers themselves initiate a request to send an SMS with an activation code by the messenger, then intercept it using special technical tools or insiders in mobile network operators and use the received code to successfully authorize in the messenger, gaining access to all user’s data.
Fresh announcements about sale of access to messengers are increasingly being published on hackers’ forums.
Over the past week, we all have been following development of the situation with the leak and publication of photos of a car with fake number plates with personal data of citizens from Safe City cameras, controlled by law enforcement agencies, which is also a gross violation of confidentiality and indicates how vulnerable we are today.
The face recognition system based on Chinese technology is actively and massively introduced, which is also a big challenge and can be considered as a violation of our privacy and interference with private life.
Therefore, if we do not protect personal data, the consequences can be the saddest.
We are convinced that the priority for the newly created state body should be ensuring of control over the compliance of personal data processing with the requirements of the law and protection of the rights of personal data subjects.
GIIP emphasizes that a whole layer of normative legal acts is to be adopted, since there is no liability for violation of the requirements of the legislation on the protection of personal data in our legislation.
Even if a source of the leak of photo of the car with fake number plates with personal data of citizens from Safe City cameras or a cybercriminal hacking Telegram accounts is detected and identified, it is impossible to hold them responsible for violation of confidentiality and failure to take measures for their proper protection. There are no relevant articles in the Criminal Code of Kyrgyzstan.