If you want to know about pressure on businesses by law enforcement in Ukraine, just ask a techie.
IT firms have for years borne the brunt of illegal and intrusive searches by law enforcement agencies. Police have often confiscated their computers and servers – the bread and butter of their businesses – paralysing their operations.
The grounds for the searches are often shaky: Ukraine’s law enforcement claimed that the most recent searches of IT firms were required because they suspected some companies had been involved in either misappropriation of government data, cooperating with Russia, or embezzlement.
Although police only searched a few firms in 2017, at least 30 have suffered intrusive visits by law enforcement over the last three years, putting the Interior Ministry and Security Service of Ukraine, or SBU, who conducted the searches, at loggerheads with the managers of top tech companies.
Many IT companies threatened to quit Ukraine. Some did.
The main problem, according to tech business people, is that the SBU and Interior Ministry officers were far too heavy-handed – the confiscation of servers, office equipment and even personal laptops deprived companies of vital information, halting their operations in some cases, and thus costing them money and their business reputation.
None of the searches have ever led to any known criminal charges. In fact, some of the firms that were searched have won cases against the law enforcement agencies’ actions, while others are waiting for their cases to go to court.
‘What’s the point?’
In one notable case, Divan.TV, a firm that provides video streaming services, had its servers seized back in 2015. It subsequently went to court, won two cases and got its equipment back.
The company had been accused of streaming some television channels illegally, but proved in court that it had the necessary licenses.
“What was the point?” the company’s CEO Arkadiy Kanyuka said. “Dozens of officers were involved in raiding our company, instead of doing something more important.”
He said the raid could have destroyed the company, had it not backed up its data multiple times. In addition, police never even looked at the company’s licenses during the search.
Instead, they went straight for the company’s equipment.
And now, more than two years later, police re-opened the case.
The situation with law enforcers raiding businesses became so bad that the government finally acted.
Prosecutor General Yuriy Lutsenko on Oct. 5 signed a letter of understanding with business on the way office searches should be conducted. The Cabinet followed on Nov. 10 by submitting a draft law on protecting businesses from unjustified and illegal searches. Less than a week later, the parliament passed it. It came into force on Dec. 7.
It turned out, less than a month was needed to give the businesses protection from misconduct by law enforcement.
Information technology firms have suffered intrusive searches by law enforcement agencies for years. Tech businesses complain that the police lack proper training – they use outdated methods, usually seizing personal computers instead of copying the information.
New rules
The new law requires investigators carrying out searches of businesses to videotape their actions, and those being searched can also record the search.
Searches can only be carried out under a warrant. Lawyers have to be present. Investigators under most circumstances are prohibited from seizing original documents or hardware – including servers, personal computers and smartphones – and may only make copies of data, under the supervision of a technical expert. Also, the law forbids the re-opening of cases.
The highly anticipated law has been given a cautious reception by the tech industry.
Dmytro Ovcharenko, vice president of Ukraine’s IT Association, said he has already spotted some bugs.
While police are forbidden from seizing servers and computers – the main gripe of the IT companies – there are exceptions. If the police are unable to make copies of the information they need, they can still confiscate the hardware in which the data is stored, Ovcharenko said. Moreover, hardware can be confiscated if the police determine that they need it for a forensic examination.
On top of that, there’s no clear definition of words like “computer” and “server” in Ukrainian legislation, meaning the authorities might be tempted to creatively interpret the new law.
Neither is there any mention of how searches will be funded: to make video recordings and copy data, the police will have to have the required equipment and specialists on hand – and that’s expensive. Ovcharenko said he doubts that the government will allocate enough money for this purpose.
Scared clients
IT is one sector where the government really has to get it right if it wants Ukraine’s image to shine.
The industry accounts for 3 percent of Ukraine’s gross domestic product. It earned more than $2 billion from exported goods and services in 2016, according to the National Bank of Ukraine.
In the past, unlawful searches scared off potential investors and forced some of the country’s best tech professionals to seek a quieter life abroad.
Ovcharenko recalled how police once raided a Kharkiv-based IT company – apparently by mistake. They “aggressively” searched their premises and scared a foreign client, who afterwards annulled a $1 million contract.
“We simply don’t know how many potential investors have looked at this situation and decided that it’s not worth doing business with a Ukrainian company,” Ovcharenko said.
He suggested making it a criminal offense to violate the rules for conducting a search, since “nobody needs rules if nobody’s held accountable for breaching them.”
No one’s sacred
But Vitalii Vlasiuk, the co-founder of law firm ePravo, said that the law is good for business in general. He points out that not all businesses are perfect either. While a lot of attention is focused on the actions of law enforcement, few questions are asked about the legitimacy of some of the IT companies’ activities.
Some searches of companies by law enforcement are justified, Vlasiuk said.
“No business is sacred. If a company is engaged in gambling under the guise of ‘game development’ or channels revenue to support terrorists, then there is no point (in complaining),” Vlasiuk told the Kyiv Post, saying that he knew of such cases.
He said IT companies should cooperate more with law enforcement, and inform police if they notice any illegal activity in the industry.
The Kyiv Post’s IT coverage is sponsored by Ciklum. The content is independent of the donors.
