Expert warns against omnipotent agency
The cybersecurity bill would threaten citizens' rights and become a government tool to control social media ahead of the general elections instead of strengthening security capabilities and coping with national cybersecurity threats, says a security expert familiar with the law.
The new National Cybersecurity Agency will be akin to a juristic person that can earn income and charge service fees from others under this law, meaning the agency is both regulator and service provider, says the analyst, who requested anonymity.
"There is much concern over the upcoming cybersecurity bill, which is under consideration by the Council of State," said the source.
The draft allows the government to access other computer systems, mandate or order others to disclose their computer systems for investigation, or even freeze or shut down the systems under emergency security circumstances without a court warrant.
Moreover, the Electronic Transactions Development Agency will have the authority to prepare the creation of the National Data Protection Agency and the National Cybersecurity Agency, which cover all critical data for the country and individuals.
The cybersecurity bill also states the National Cybersecurity Agency can have its own laws and use funding from the Digital Economy Promotion Agency to procure security systems for other state agencies in case of a national security emergency, without going through the government procurement system, said the source.
The agency is also free to make joint ventures with other private organisations and can earn service fees or revenue. The agency has the right to keep that revenue without contributing any to the Finance Ministry.
"This means the agency can be both of regulator and operator; there is no check or balance of power, which sets a bad precedent," said the source. The source said the agency should be independent and receive no commercial benefit or conflicts of interest.
The law could also make the agency secretary a "superpower", commanding other state agencies in the case of a national security threat, without reporting to the National Cybersecurity committee.