The Romanian government’s cloud project is overshadowed by controversy –

Romania’s cloud project is at the center of the government’s digitalization plan, which is set to benefit from 500 million euros in EU funds and bring the country closer to European goals in the field of cloud computing. online administration. So far, however, the proposal has been mostly successful in generating controversy.

The first steps taken by the Romanian authorities to enact legislation on the “government cloud” have generated intense reaction from civil society representatives and even from some public institutions that are supposed to join this cloud.

In line with the goals of eGovernment of Europe, Bucharest is committed to ensuring universal access to eGovernment services. There will be, for example, an online history of citizen interactions with the state, and personal data and documents will be protected by powerful cybersecurity systems.

“Cloud government facilitates the transition to a data-driven, secure and dynamic economy, a digital economy in line with the strategic guidelines for European Union action on data management”said Dragoș Vlad, president of the Romanian Digitization Authority.

The national plan for recovery and stability as a roadmap for digital transition

The government cloud is the main product of Romania’s national plan for recovery and stability in the field of digitalization.

The planned reforms aim to set up this cloud, “to ensure interoperability, improve connectivity, strengthen the protection and cybersecurity of public and private bodies as well as develop digital skills in the public sector”.

The National Plan for Recovery and Stability provides-directly or indirectly-funding of approximately € 500 million for the government cloud. It will be an IT infrastructure completed with the necessary cybersecurity measures that will host applications and public databases in four data centers.

According to Romania’s roadmap, this legislative framework should be in place before June 30. In addition, the Cyber ​​Defense and Security Law should be finalized and take effect by the end of 2022.

The emergency ordinance scandal

In the context of the urgency of these measures, the government published a draft emergency ordinance-a legislative instrument often used in Romania-which provoked strong reactions within the IT sector, non-government sector and even some central institutions.

According to this project, the implementation and maintenance of the public cloud will be assigned to the Special Telecommunications Service, a specialized intelligence service. The Romanian Intelligence Service (SRI) will manage its cybersecurity.

“The IRS cannot guarantee the security of personal data, because its legal purpose is to collect information”warned the Association for Technology and the Internet (APTI), led by lawyer Bogdan Manolea.

The Ministry of Digitization dismissed information privacy concerns, pointing out that the IRS cannot access data content in the cloud.

Anton Rog, head of SRI’s National Cyber ​​Information Center, said on the TV channel Digi24 that the government cloud is critical infrastructure, and that in the seven years the center has provided cybersecurity for 61 public institutions, there hasn’t been even a single complaint about SRI’s ability to access their data.

However, concerns remain, particularly about the IRS collection of traffic data, the data behind every communication, as it is impossible to provide cybersecurity services without it.

Radu Puchiu, an IT entrepreneur and Open Government Partnership Action Plan Envoy, called “more than weird” the choice to assign the government cloud to STS (Special Telecommunication Services), because the Ministry of Finance has an IT department with several hundred people and the Ministry of Interior also manages a critical database.

For Mr. Puchiu, the structure that takes shape is very rigid from the beginning, which will hinder its future development.

The IT industry also criticized the proposed law. The Association of Software Industry Employers (ANIS) warns that if the provisions of the draft law are retained, it is not possible to use non-proprietary technologies or open source technologies in cloud production.

The Ministry of Digitization has denied the claims, saying the private sector will be able to develop solutions and services for government cloud applications.

Public institutions are also dissatisfied

Critics of SRI’s involvement in the government’s cloud project come not only from civil society, but also state institutions.

SRI, STS and the Romanian Digitization Authority sent a technical questionnaire about cloud migration to 108 authorities and public institutions in Romania in February. Two weeks later, only 83 institutions completed the questionnaire.

Of those who have not yet responded, six are refusing to migrate their applications and data to the government cloud. These institutions like the Permanent Electoral Authority, Constitutional Court and National Anti-Corruption Directorate are very important.

“We consider that it is not normal that the STS and the SRI have access to all data and all documents prepared by the Permanent Electoral Authority (PEA) for the election”explained the head of the AEP, Constantin Mitulețu-Buică, in the newspaper Libertatea.

Similarly, officials of the National Anti-Corruption Directorate have set up their own computer applications with modern equipment to protect the flow and storage of sensitive information related to the ongoing investigation of criminal cases. .

In April, the Minister of Digitization tried to calm the controversy: “There is no question that the operation and use of the databases will be done by anyone other than the Romanian Digitization Authority”said Marcel Boloș, Minister of Research and Digitization at the time, and Minister of Investments and European Projects since May 3.

Mr. Boloș stressed that control of public databases will be maintained “in the civil sphere”.

Leave a Comment