Come July, Hungarian secret services may, at their sole discretion, order the suspension of online access for 90 days and renew the ban for another 90 days, as is reported by the leading Hungarian daily Népszava (Voice of the People)
An amendment, passed by the Hungarian Parliament on May 19, increases the powers of the secret services to a dangerous level. The bill submitted by Deputy Prime Minister Zsolt Semjen amends the National Security Act and the Electronic Information Security Act in several respects, allegedly to strengthen cybersecurity.
The law states that the National Security Service and the National Military Security Service can, under their own authority, restrict data or services „transmitted via electronic communications networks” that „pose a threat to the security of Hungarian cyberspace” or „that infringe or threaten national defense or allied interests,” and make them „temporarily unavailable.”
The period of „temporary unavailability” may be imposed for up to 90 days, which may be extended once by the same intelligence organizations for the same period. The measure practically means that they can make some online content and services inaccessible, meaning that they can shut down servers and even suspend the operation of online service providers.
„If the website of Nepszava (Hungarian opposition daily) writes that some tanks of the Hungarian army are, let us say, broken, and the National Security Service or the National Military Security Service considers this to be information that endangers national defense interests, then Nepszava online can also be suspended for 90 plus 90 days? Or any other Hungarian online newspaper, or even the hosting provider?” Tamas Harangozo asked. According to the socialist member of the Parliamentary Committee on Defense and Law Enforcement, it is clear that a company providing online services could simply be put out of business.
The politician explained that a state certainly must be ready to repel a cyberattack or any threat or violation coming from the online space. However, this bill is so rough and contains elements that it can simply become a bludgeon in the hands of the government, Harangozo believes. „It is a suitable tool to silence, or obstruct Internet content providers or other businesses as well,” the parliamentary representative of the MSZP (Hungarian Socialist Party) stated.
According to him, preventing a cyberattack or taking action against harmful, prohibited content obviously does not take 90, especially not two times 90 days, but typically a few hours, or a few days maximum. „If the bill stated that it could make a communications network or service inaccessible for a maximum of 12, 24, or 36 hours, I could even believe that it was written in good faith, that the government’s goal is really to defend itself. But a period of 90-days twice is completely incomprehensible and has nothing to do with defense,” Tamas Harangozo said.
The other part of the law, according to which the secret services may take such a measure even if, in their own opinion, such content or service “endangers the interests of national defense,” makes the situation explicitly dangerous, he added.
Incidentally, the law does not provide for any legal remedy available to the sanctioned service provider. Nor does it clarify exactly what is meant by „threat” and „threat to national or allied interests,” so the legislature has created a typical rubber paragraph that can be used at the discretion of the authority concerned.
Otherwise, there is already a legal possibility to temporarily or even permanently delete (make inaccessible) infringing electronic content. However, according to the Criminal Procedures Act, this always requires an investigation and a court decision. Now the National Security Service and the National Military Security Service could make an immediate decision without those steps.
As we have reported before, the same law (ironically entitled “Amendments to Certain Laws Enhancing the Security of Citizens”) also stipulates that the National Security Service may also carry out unrestricted monitoring of the data traffic of local governments, state organizations, or the National Assembly in order to defend against cyber attacks.