The Commissioner for Information of Public Importance and Personal Data Protection considers worthy of support the activities of public authorities aimed at creating conditions for easier, faster and better exercise of rights and compliance with obligations through electronic communication with citizens and, in the same context, considers logical and reasonable the public authorities' campaigns (e.g. replacement health cards) inviting as many citizens as possible to use the opportunity to do so electronically.
However, the Commissioner warns that the analysis of state authorities' portals has easily revealed some facts that may be cause for concern and that must not elude the authorities' attention. This primarily and particularly refers to cases where communication involves the distribution of a large volume of personal data that can be compromised and misused.
When accessing the state authorities' portals, right at the first step, citizens are faced with "windows" on the screen, or warnings that communication on these portals is unsafe. From the viewpoint of the objective of campaigns inviting the citizens to use them, this is quite illogical, almost absurd, and totally contrary to this goal, because it is quite certainly discouraging for a number of citizens. More importantly, it raises many reasonable doubts about personal data security among the citizens who do decide, despite all of the above, to use the services of these portals.
In statements made at the Commissioner's request, state authorities claim that the portals have a correct SSL certificate issued by the accredited Certification Body, PE Post of Serbia, and that the said certificate is valid and correct and, as such, guarantees secure transfer of user data. It is claimed that the warning appears on the screens when accessing the portals because the certificate is not recognized by the web browsers (Microsoft Internet Explorer, Google Chrome, Mozilla Firefox, Opera, Safari, etc.), since it is not listed in the browser manufacturers' registers of certificates. It is claimed that this could lead to confusion among portal users, but that functional safety while using the portal has never been compromised.
However, despite these claims, one should not ignore the fact that the "non-recognition of existing certificates" is not the only reason for such warnings. The point is that some of our largest national portals, e.g. eGovernment and eTaxes, have been awarded the worst grade (F), due to their "vulnerability" (old and weak algorithms and protocols), in the globally recognized authoritative online test of the well-known information security provider Qualys SSL Labs from the USA.
The Commissioner considers the current situation harmful, regardless of whether it is explained by the "non-recognition of certificates" or by some other reasons, and holds that it should not be tolerated. Accordingly, the Commissioner informed the line ministers of state administration and local self-government and of trade, tourism and telecommunications via letters, requesting that all necessary measures be taken so that the reasons for dilemmas and anxiety among citizens are removed and the risks to their personal data in electronic communication with authorities are reduced to the minimum.