Democracy Research Institute (DRI), a local think-tank, warned on September 21 that the proposed amendments to the Law on Information Security may pose “risks of total control and mass human rights violations,” as the changes grant the State Security Service, Georgia’s chief domestic intelligence body, unrestricted access to the information of public agencies, and private companies, including electronic communications entities.
The CSO highlighted various concerns regarding the draft amendments, noting that as per the bill, a list of organizations that deal with “critical information” will be created, encompassing public agencies and private enterprises alike. DRI argued that the proposed legal definition of organizations that handle “critical information” is general and vague, posing a risk of “abuse of power.”
DRI noted that State Security Agency could be provided with “unlimited authority to access information on the informational systems of the Court, the Parliament, local self-governance bodies” through its subordinate Operative-technical Agency, on the grounds of IT infrastructure inspections. This, the CSO stated, could provide unrestricted access to personal communications, records, and information of people employed at these organizations.
The CSO also noted with concern about the proposed requirement to appoint information security managers at the organizations deemed as handlers of “critical information.” Noting that proposed amendments envisage only the persons with access to state classified information to serve as managers, CSO highlighted that it falls under the State Security Agency’s authority to permit access to classified information; thus, the watchdog noted, once SSG-endorsed persons will in effect determine whether SSG can access to the organizations’ information assets.