Whistleblower from MUP: They didn’t even know which employees have access to protected information in police

The resolution about him not being a part of the work force any longer has been marked as “strictly confidential”. He was warned that due to the resolution being marked as such he is not to speak to anyone about it, otherwise he will be prosecuted.

He assumed that he’s been removed from the work force because he addressed the Internal Control Sector on multiple occasions in regards to unlawfulness of MUP operations. Having in mind previous discrepancies he decided to check whether the party that delivered the resolution even had rights to hold such document marked as “strictly confidential”.

It turns out that they didn’t actually have such rights since according to official information he received they didn’t have a right to access those protected information.

That’s not the end of unlawful behavior. Namely, the police directorate didn’t have the information of who of the employees even has the necessary certificate.

All of that only means that protected and confidential information is being handled by unauthorized personnel. Since he found that to be a threat to state’s security he went to the authorities, however, no one reacted.

 “Since I’ve so far acted as both internal and external whistleblower, and since the authorities are not acting according to the current Data Confidentiality Law and that in regards to that there is a threat to the security of the Republic of Serbia as access to a document marked as “strictly confidential” is being granted to personnel that don’t have the official certificate and furthermore haven’t passed the necessary verifications, in this manner, according to article 19 of Law on Protection of Whistleblowers, I hereby am publicly “whistleblowing””, stated the whistleblower in documentation he forwarded to Insajder.

Documentation he delivered confirms that all relevant parties have been informed and asked to take action. Authorities kept silence although they were warned of serious doubts – that unauthorized personnel is accessing confidential information in MUP without having passed necessary security verification.

 “If a document is marked as confidential, strictly confidential or state secret, to access such document it is necessary for the handlers to have the relevant certificate which would mean that they have passed necessary control that on the level of the confidentiality of the document”, stated Miloš Janković, former deputy Protector of Citizens, for Insajder.

According to law, to access confidential information it is necessary to be in possession of the certificate issued by the Office of the National Security Council. Without the proper identification, access to such sensitive information can be granted only to Prime Minister and President of the National Assembly. Everyone else must have the certificate. One of these certificates, that grants access to the most sensitive information, was issued for Miloš Janković at the time of being deputy Protector of Citizens.

 “Security protocol verifies various aspects and from various state departments. For example, when it is a matter of state secret, that certificate that I had would’ve been verified by BIA and the law explicitly states that there is a possibility of looking into personal life of the person who is to be granted that right.”, adds Miloš Janković.

Until last year, the very head of MUP, as it turns out, didn’t have knowledge of whether the police officers that had access to that information had the mentioned certificates.

That means that the police officers have been bugging, tracking, intercepting communication, and their bosses, even though it is their job, didn’t even know whether they have passed the security verification.

This fact has been discovered based on the statement of the director of police Vladimir Rebić addressed to the Protector of Citizens, who initiated the process of verification after receiving complaints from the MUP whistleblower who in the end turned to Insajder as well.

 “What the response the Protector of Citizens received from MUP implicates is that that they didn’t have any record, not just unreliable, but any record about which police officers are authorized to handle confidential information, i.e. who had the certificate”, adds Janković.

MUP not acting according to Data Confidentiality Law in a certain period is a fact. Is the situation still the same today, we don’t know at this point as we haven’t received any response from MUP in regards to the certificates.

If the law has been broken, complaints should be made by Data Confidentiality Department that works within the Ministry of Justice. In the ministry they told us that they don’t have an adequate spokesman for this matter.

Attorney Rodoljub Šabić, who as a commissioner had the certificate for access of confidential information, says that it is inadmissible not to act according to law.

 “It is possible that a lot of people that accessed confidential information did it consciously even though they didn’t have the certificate due to the fact that no one performed process of certification. But at the same time, you know that countless times we witnessed information qualified as confidential being printed in newspapers”, points out Šabić.

Data Confidentiality Law has been passed in 2009, and its practice has began in 2010. It was announced as the law that would reconsider confidentiality of even 80% of documents. Instead, it seems a decade later that the confidentiality has reached an even further limit, and that the confidentiality, instead of being used for the purpose of the nacional security, is actually being used to hide countless unlawful acts and missconducts. Additional problem is, as clearly visible in the newest Insajder’s story, that there is a possibility that levels of confidentialty have been decided by those unauthorized to do so.