CEO of Nethemba - Slovak IT security company founded in 2007, primarily focused on web application security and various penetration tests.
How Slovakia prepares for digital totalitarianism of the Chinese type
- The Ministry of Finance publishes a list of banned sites that Slovak ISPs and mobile operators must block
- So far, it contains "only" a list of unlicensed online gambling portals
- This is not a ban on online gambling, but a ban on online gambling without a state license (what do you think, is the state-owned company Tipos banned? :-)
- Internet censorship always increases over time (never the other way around; examples: Russia, the UK, China, the Arab world)
- Implemented in the form of a DNS Blacklist
- It is trivial to bypass using the DoH protocol (DNS over HTTPS), which is implemented and can be turned on with one click in all current browsers.
- A dysfunctional, easily circumvented measure that wastes taxpayers' money
- Massive tracking of the shopping habits of all citizens (information about each item of your purchase is immediately sent online to the Financial Administration's servers)
- Potential abuse in case of a leak: the data may be misused for unfair competition and economic espionage; in case of deanonymization it means a drastic invasion of the privacy of all citizens
- Possibility of deanonymization using correlation with personal data of payment companies (VISA, Mastercard) as well as with location data of citizens from mobile operators (obtained by GSM triangulation) - the question is just when the state will have access to it - with a court order
- Thanks to this correlation, the state can likely deanonymize the transactions and find out who is buying exactly what and where (which products and services, at what time and in what place)
- This is a key attribute for determining the "Chinese" social score
Monitoring and blocking financial flows
- Although we are witnessing money laundering by the largest banks (e.g. Danske Bank), bank transfers are sharply over-regulated (e.g. transfers outside the EU over USD 10,000 require an invoice document, and those over USD 50,000 require documenting the entire contract and worksheets)
- A number of third parties are informed about each of your financial transactions (PayPal alone sends personal data to more than 600 third parties!)
- Problem with the legalization of crypto-mining income
- Intentional freezing and closing of accounts can be misused to fight political competitors or inconvenient people (this is really happening in various countries, e.g. in the Czech Republic)
Ban on anonymous SIM and payment cards
- There is no real evidence that mandatory SIM card registration with a real person increases the number of investigated crimes
- German researchers published a detailed study showing that the existence of anonymous vs registered SIM cards does not affect the number of detected crimes.
- Massively gathered information about SIM card owners may be misused in the future (!)
- In Slovakia, you can still use anonymous SIM cards (for example, Czech or British) as well as anonymous global eSIM
- The best way to prevent the misuse and leakage of sensitive data by mobile operators or government institutions is, in the first place, NOT to collect ANY!
Location tracking of citizens without a court order
- Thanks to GSM triangulation, the mobile operators can determine your location to within a few meters
- Since March 2020, they have been providing this information to the state office without a court order!
- After the leak of insufficiently anonymised data on positive COVID-19 patients or the failed state application for contact-tracing "Stay healthy", do you believe that the state can take care of such critical sensitive data as information about the location of citizens?
- According to the current COVID-19 legislation, the state does not need the consent of citizens to spy on them (as in the Czech Republic, for example). At the same time, there is no legal protection that would prevent massive tracking of thousands of people at once as long as there is a suspicion of coronavirus.
- UPDATE: on 13.5.2020 this law was declared unconstitutional
- In Slovakia, there is a ban on any cash above a certain amount (EUR 5000 in the case of legal entities and EUR 15000 in the case of natural persons)
- By law, you are forced to use bank accounts for larger amounts, giving up your financial privacy
- Some Slovak banks do not open a bank account to people with permanent residence outside the EU
- Cryptocurrency users are discriminated against by the current bad crypto legislation: they must pay income tax if they make a profit on cryptocurrencies. Conversely, if they lose, they cannot claim the loss as an expense
- The Slovak crypto legislation is one of the worst (suitable mostly for money laundering)
The inability of the state to take care of the privacy of citizens
- A Slovak state institution leaked data about the location of COVID-19 positive patients (street-level address, gender and age)
- This information can be correlated with publicly available information (e.g. the cadastre), and a large part of the owners of these properties (and their families) can be deanonymized
- State "contact tracing" application "Stay healthy" does not respect basic security rules (allows deanonymization)
- Can the state take care of citizens' location data or information about all their shopping habits (if it has already failed multiple times)?
- Hello, where is GDPR?
Do you still think that digital totalitarianism should not concern you?
We already have the building blocks to establish a Chinese-style digital dictatorship.
The question is not "whether" but "when" digital totalitarianism will occur.
We are not just starting to build massive digital surveillance; we are now facing the last step toward its unlimited form.
By Pavol Luptak