
The National Cyber Protection Authority (AKSK) has finally reacted through an official response regarding the debate raised after the deployment without any notice of Deep Packet Inspection devices in the network of the mobile companies Vodafone Albania and One Albania.
Through an official response sent to journalist Emirjon Senja, AKSK officially acknowledges the installation of these devices, justifying this action with the need to shut down the Tik Tok service in Albania.
AKSK also admits that the DPI devices installed at Vodafone Albania and One Albania were provided by Israel, while it is said that they were not purchased, but were only put into use for one year and will then be returned to the Israeli Cyber Security Authority, writes skyweb.al.
These details are being made public for the first time, while as it is learned, AKSK refers to an agreement concluded with the Israeli Cyber Security Authority in February 2023, precisely during the period when the scandal of hacking of AKSHI systems broke out and the salaries, license plates, phone numbers and bank accounts of Albanians were exposed.
Asked about the legal basis on which these devices were installed, AKSK says that it referred to the government's VKM on the closure of Tik Tok; the Law on Cybersecurity as well as the Law "On the Rights and Protection of the Child", while there is no legal reference in this regard that protects personal data from misuse.
Also, in the response given to journalist Senja, AKSK emphasizes that DPI devices cannot eavesdrop on citizens.
" The DPI platform analyzes ONLY the header of the IP internet protocol packet and is technically unable to decrypt/decode and analyze the content of the packet itself (payload). Communications with content that are transmitted on the internet in our country are 100% encrypted with keys based on asymmetric algorithms for their exchange, as well as symmetric for content encoding. Under these conditions, DPI is NOT able to access or read the content of the communication. DPI only sees that "something is being sent somewhere", but cannot identify the sender, the recipient or the content of the information ", explains AKSK.
The installation of DPI equipment is expected to be carried out at other ISPs in addition to Vodafone and One Albania, according to AKSK, as it is expected to move to the second phase of this process.
AKSK states:
The implementation of the DPI technique in Albania is divided into two phases:
1- The first phase covers the mobile companies Vodafone and One.
2- The second phase covers all wholesale internet service providers, who serve as intermediaries between internet access points in our country and other internet service providers.
Experts in the field as well as journalists have expressed concern about censorship and misuse of personal data through the installation of DPI devices without a proper regulatory framework that prevents precisely such problems.
So far, the only assurance provided by AKSK is verbal, providing explanations of what the DPI does and does not do, while there is no (at least not one that has been filed) procedure that shows how personal data is protected.
Cybersecurity expert Besmir Semanaj has expressed concern that DPI devices perform a genuine profiling of individuals while using the internet, where even though the content of messages cannot be read, the interlocutor can be identified; the communication application; whether they are speaking by voice or SMS, whether they are sending documents or videos, etc.; which websites or applications they are visiting, etc.
Meanwhile, AKEP, which is the institution responsible for electronic communications in Albania, has not yet reacted. / Skyweb.al
Lini një Përgjigje