Bulgaria’s personal identity theft scandal: complaints grow
Bulgaria’s Prosecutor-General Sotir Tsatsarov said on April 17 that it would be very difficult to identify individual perpetrators in the abuse of personal data, but prosecutors would endeavour to follow up all complaints, the number of which was constantly growing.
His comment came amid national controversy over revelations that political parties had used the personal identification data of individuals, without their knowledge or consent, to apply to register the parties to compete in Bulgaria’s May 25 2014 European Parliament elections.
Almost all political parties have been found to have illicit use of personal data in their registration supporting documents.
A joint statement on the case was expected on April 17 from the prosecutor’s office, the Central Election Commission and the Commission for Protection of Personal Data.
Tsatsarov said that an effort would be made to identify those who had illegally used the data because doing so was a serious crime.
He said that the difficulty came from the fact that signatures were collected by a number of different people at various locations in the country. Trying to identify an individual offender would have to begin with identifying the regions from which the counterfeit signatures came. That would be followed by trying to identify who had provided the illicitly used personal identification number and signature.
On top of that, there was the issue of the misuse of personal data that was available online in places such as the Commercial Register.
Tsatsarov said that he agreed with the view expressed by the Access to Information Programme’s Alexander Kashumov that unscrupulous employers could use the online checking system set up to enable people to see whether their personal data had been used to back political parties, to try to establish the political affiliations of their employees.
On April 16, President Rossen Plevneliev voiced his concern about the cases involving the misuse of personal data by political parties and coalitions registering for the European Parliament elections.
Plevneliev said that he hoped that the relevant institutions would respond quickly and that those guilty of breaking the law would be punished.
The scandal deepened amid reports showing that on the internet, the personal identity numbers (commonly referred to by their Bulgarian abbreviation as EGNs) of almost everyone – including top state and political office-bearers including Plevneliev himself – can be found on the internet with scant difficulty.
On April 17, bTV reported that stacks of paper with the personal data of dozens of people from the town of Svogbe living in various places in Sofia had been found in Positano Street.
Stefan Cholakov said that he found the papers while walking his dog. “If my dog can find a few thousand signatures, he can become a candidate for the European Parliament,” Cholakov said.
Mathematics professor Mihail Konstantinov said that the system of EGNs had been compromised for years.
He cited a case where a person had lost their apartment because of the theft of their personal identity information.
Konstantinov called for an overhaul of the system, noting that the “personal data” in an EGN are really just its last four numbers, because the first six are based on the holder’s date of birth.
The main source of the problem, he said, was “our own stupidity. It is known that in the universe the two most common things are hydrogen and stupidity”.
Further, it also emerged on April 16 that there was some lack of clarity about the process whereby personal data unlawfully used in political parties’ registration documents could be removed.
Various options were advanced as to how this should happen – whether it should be done by the Central Election Commission, or after an order from the Commission for the Protection of Personal Data or whether a victim of identity theft by a political party would have to approach the Supreme Administrative Court for an injunction to delete the data. The latter would, given the average “speed” of Bulgaria’s court system, take a long time.
Bulgarian-language media reported that Maya Manolova, the socialist MP who was responsible for pushing the new electoral laws through the current Parliament, denied having committed a gaffe in the provisions about personal identification data.
“We should examine the scale of the abuse and then consider statutory changes,” Manolova said.
The head of Parliament’s committee on internal security, Atanas Merdzhanov of the BSP, said that at a forthcoming meeting, the new head of the Commission for the Protection of Personal Data, Ventislav Karadzhov, would be asked to explain what measures were being taken in connection with the case. Only after that could legislative amendments be decided, Merdzhanov said.
Hamid Hamid of the Movement for Rights and Freedoms (reportedly the only party not to be the subject of complaints about unauthorised use of personal data) called for changed procedures to tighten controls and for more severe penalties for political parties, including even disbarring them from the register.
Krassimir Tsipov of centre-right opposition party GERB said that parties should face sanctions from the Commission for the Protection of Personal Data over the current scandal, not excluding that his own party could be subject to them.
(Photo of Prosecutor-General Sotir Tsatsarov: BNT)