IT companies see bugs in new law designed to protect from unreasonable police searches
If you want to know about pressure on businesses by law enforcement in Ukraine, just ask a techie.
IT firms have for years borne the brunt of illegal and intrusive searches by law enforcement agencies. Police have often confiscated their computers and servers – the bread and butter of their businesses – paralyzing their operations.
The grounds for the searches are often shaky: Ukraine’s law enforcement claimed that the most recent searches of IT firms were required because they suspected some companies had been involved in either misappropriation of government data, cooperating with Russia, or embezzlement.
Although police only searched a few firms in 2017, at least 30 have suffered intrusive visits by law enforcement over the last three years, putting the Interior Ministry and Security Service of Ukraine, or SBU, who conducted the searches, at loggerheads with the managers of top tech companies. Many IT companies threatened to quit Ukraine. Some did.
The main problem, according to tech business people, is that the SBU and Interior Ministry officers were far too heavy-handed – the confiscation of servers, office equipment and even personal laptops deprived companies of vital information, halting their operations in some cases, and thus costing them money and their business reputation.
None of the searches have ever led to any known criminal charges. In fact, some of the firms that were searched have won cases against the law enforcement agencies’ actions, while others are waiting for their cases to go to court.
New rules The new law requires investigators carrying out searches of businesses to videotape their actions, and those being searched can also record the search.
Searches can only be carried out under a warrant. Lawyers have to be present. Investigators under most circumstances are prohibited from seizing original documents or hardware – including servers, personal computers and smartphones – and may only make copies of data, under the supervision of a technical expert. Also, the law forbids the re-opening of cases.
The highly anticipated law has been given a cautious reception by the tech industry.
Dmytro Ovcharenko, vice president of Ukraine’s IT Association, said he has already spotted some bugs.
While police are forbidden from seizing servers and computers – the main gripe of the IT companies – there are exceptions. If the police are unable to make copies of the information they need, they can still confiscate the hardware in which the data is stored, Ovcharenko said. Moreover, hardware can be confiscated if the police determine that they need it for a forensic examination.
On top of that, there’s no clear definition of words like “computer” and “server” in Ukrainian legislation, meaning the authorities might be tempted to creatively interpret the new law.
Neither is there any mention of how searches will be funded: to make video recordings and copy data, the police will have to have the required equipment and specialists on hand – and that’s expensive. Ovcharenko said he doubts that the government will allocate enough money for this purpose. Scared clients IT is one sector where the government really has to get it right if it wants Ukraine’s image to shine.
The industry accounts for 3 percent of Ukraine’s gross domestic product. It earned more than $2 billion from exported goods and services in 2016, according to the National Bank of Ukraine.
In the past, unlawful searches scared off potential investors and forced some of the country’s best tech professionals to seek a quieter life abroad.
Ovcharenko recalled how police once raided a Kharkiv-based IT company – apparently by mistake. They “aggressively” searched their premises and scared a foreign client, who afterwards annulled a $1 million contract.
“We simply don’t know how many potential investors have looked at this situation and decided that it’s not worth doing business with a Ukrainian company,” Ovcharenko said.
He suggested making it a criminal offense to violate the rules for conducting a search, since “nobody needs rules if nobody’s held accountable for breaching them.”
No one’s sacred But Vitalii Vlasiuk, the co-founder of law firm epravo, said that the law is good for business in general. He points out that not all businesses are perfect either. While a lot of attention is focused on the actions of law enforcement, few questions are asked about the legitimacy of some of the IT companies’ activities.
Some searches of companies by law enforcement are justified, Vlasiuk said.
“No business is sacred. If a company is engaged in gambling under the guise of ‘game development’ or channels revenue to support terrorists, then there is no point (in complaining),” Vlasiuk told the Kyiv Post, saying that he knew of such cases.
He said IT companies should cooperate more with law enforcement, and inform police if they notice any illegal activity in the industry. Information technology firms have suffered intrusive searches by law enforcement agencies for years. Tech businesses complain that the police lack proper training – they use outdated methods, usually seizing personal computers instead of copying the information.