At the request of ‘Bukvy’, the Internet Association of Ukraine provided an explanation of the risks created by the launch of the system of blocking access to websites in Ukraine and explained the shortcomings and risks of the adoption of draft law No. 9250 dated 04/28/2023 ‘On Amendments to the Law of Ukraine ‘On Electronic Communications’ (regarding anti-phishing)’, which actually legalizes the already created and partially launched filtering system.
When asked whether the filtering system for phishing domains has already been implemented, the Internet Association of Ukraine replied that the system has already been implemented and is operating in Ukraine.
They also noted that in accordance with the order of the National Center for Operational and Technical Management of Telecommunications Networks No. 67/850 dated 30.01.2023 with changes from 06.03.2023, providers of electronic communication networks and/or services had to register in the filtering system by 21.03.2023 and to ensure further filtering of phishing domains on recursive DNS servers in accordance with the Regulations for the operation of the phishing domain filtering system.
According to the National Security and Defense Council, as of May 19, 2023, about 400 providers of electronic communication networks and/or services are connected to the system.
To the question of whether the comments and reservations expressed by the Internet Association of Ukraine regarding the launch of the system and the format of its work were taken into account, the Internet Association of Ukraine replied that none of the comments and reservations were taken into account.
What key risks does the Association see in the adoption of draft law No. 9250 of April 28, 2023?
Draft Law No. 9250 dated 04/28/2023 proposes to grant the State Special Communications Agency the authority to develop and approve anti-phishing rules, as well as to establish the rights and obligations of DNS providers.
The explanatory note to draft law No. 9250 did not mention that the mechanism of centralized automatic blocking of domains had already been created and was functioning in Ukraine, it has been implemented since March 21, 2023 by Order of the National Center for Operational and Technical Management of Telecommunications Networks dated January 30, 2023 No. 67/850 ‘On the implementation of the filtering system for phishing domains’.
The Internet Association of Ukraine believes that this draft law is obviously aimed at legalizing the already built and, in their opinion, illegally functioning domain blocking system.
This includes corruption risks, since the decision is made by ordinary officials; risks of losing access to domains due to cyber-attacks or illegal intervention from the inside; risks to freedom of speech, as this mechanism can be used to block online media; risks of illegal collection of users’ personal data.