Magánéleti és üzleti nyomozások


Mobil: 20/356-8920

Hungarian intelligence services can observe virtually any digital communication

Hungarian intelligence services can observe virtually any digital communication. There is a wide range of people involved, regardless of whether they are Hungarian or foreign. Most free and paid, web or mobile, voice or video-based communications, email, chat, and social media are affected.

According to the legal reason, the aim is that the Hungarian secret services can see everything in the age of changed communication - of course, on the pretext of the perceived or real threat of terror in Hungary. However, the new provisions are also heavily restrictive in international comparison, and allow for a number of abuses by Hungarian intelligence services that have recently been found to have been violated by the European Court of Human Rights. In addition, the practical benefits and applicability of the new observation rules are highly questionable.


After the terrorist attacks in Brussels, there was the news that the government wants to make encrypted communications punishable by users as well. This idea was quickly abandoned in government circles as virtually all digital communications are encrypted. Finally, as part of the anti-terror law package, the Parliament supplemented the Electronic Commerce Act with new provisions allowing extensive monitoring of digital communication. Essentially, the opposition did not object to this. Further rules of the co-operation obligation of the providers of communication services are set out in 185/2016 published on 13 July. (VII. 13) government decree.


It is mandatory to observe the user if the secret services request it


So far, Hungarian secret services have been able to monitor users with telecommunication companies and internet service providers. The observation of analogue communication seems to be an important source of information for domestic law enforcement and intelligence work. The new regulation, however, "Application providers" are also required to cooperate. Practically anyone who provides digital communication services is an application service provider. From a web mail provider, via mobile communications for communication, to the operating system of multiplayer game software.

Such providers are now obliged to retain their metadata for a year and release it to the secret services upon request. The law sets the scope of metadata very broadly. For example, it is questionable whether the user's password is also considered as a data to be retained and transmitted.


It is likely to be in practice a search where the secret service will interpret the law so that it can also ask for a password.
Conservation and release of metadata will not be relieved by service providers even if they are not familiar with them at the moment. One of the aims of the regulation is to change the structure of their services in such a case and to store the metadata in the future. There is no longer a service where metadata is not recognized by the service provider. For example, any service provider has not logged IP addresses so far, it is now also obliged to build such a database.

However, the service provider can still decide whether the communication itself is provided by endpoint encryption, so that the encryption takes place on the user's device and thus the service providers do not have access to its content. Taking into account the needs of users after the Snowden scandal, many popular web and mobile messaging services already work this way, and the content of such communications is not allowed by the new regulations. Most of the online communication, however, is not encrypted with endpoint encryption today - however, the law obliges service providers to disclose the full communication of the affected user. The Act also names textual, numeric, visual, audio and video communications separately.


Service providers are required to cooperate in principle only in the case of a request that complies with the law, in practice they can only observe compliance with part of the procedural rules. The new regulation provides that the secret service may only provide the provider with information that is strictly necessary for the provision of the information. Thus, providers who have been asked for secret information may not be able to check whether the request for information is proportionate and in particular whether they are legitimate, unlike in the case of criminal and other official inquiries. Due to the minimization of the information available to the service providers, it is not clear whether the requested information is being requested by the secret services, whether they are related to a specific case.


The service provider will typically have no idea that the data is required to observe a violent terrorist group or to unlock the sources of journalists' sources of civil rights defenders.
Even more problematic is that the provider does not have the right to collect and archive the observed communication, metadata and other data related to the cooperation. So the service providers require new regulations to provide them, so that they can not verify afterwards what kind of user, when and what they have communicated to which authority.