This is very serious explanation of the implications of the newly published regulations of what is known as the Cybercrime law, but written in a “humorous” way, a common cultural approach in dealing with very serious situations.
What no one is going to explain to you about the new regulations of TELCOR
By Manuel Díaz, January 29, 2021 in on-line magazine Bacanalnica
When you study Law, the teachers explain to you that laws need regulations to be applicable. At least that is more or less what I remember, when in my time as a lad I went to the university to make it look like I was studying law. I only did what I had to in order to not fail the class, and did the exams aiming for the minimal passing grade.
As they say, I could be mistaken about this detail. That is why I asked my mother, a lawyer who does take her profession very seriously, and in addition is an expert in how laws are made. She basically told me that I was right. More or less. Let us say yes, but that in Nicaragua law is what Daniel “The child Massacrer” Ortega says…and if he says there are no regulations, well then there are no regulations.
This time, it seemed to the Massacrator that there should be regulations for the famous Cybercrime law , and believe it boys and girls, today the regulations made their introduction to society.
Regulations for the preservation of data and information
This is what the piece of the regulations that were published in the Official Record are called. I say piece, because what came out today does not regulate all the articles that the Gag Law includes, just those related to the information of the users that some telecommunications providers keep. So it is that I would say that there will be several sequels, as it occurs to the Massacrator to excrete, or rather, decree more regulations.
But let us get fully into the commentary, article by article:
Article 1. Objective
The current Norms has the goal of establishing the obligation on Operators authorized by TELCOR to save the data and information generated or treated within the framework of the provision of telecommunications services, for the purpose of preventing, investigating, persecuting and sanctioning the commission of crimes established in Law No 1042 “Special Cybercrime Law.”
All companies who at some time have gone to TELCOR to deal with a matter, this is for you and its compliance is obligatory, so pay attention.
Article 2: Obligated Actors
Obligated actors in the current regulations are those Telecommunications Operators authorized by TELCOR, be they individuals or legal entities, for the provision of fixed and mobile telephone and internet services, as well as community cell towers and trunking connections under the following modalities:
- Landlines
- Cell phones
- Internet access
- Data transmission
- Marketing Telecommunications Services
- Carrier service
- Marketing Satellite Carrier Service
- Marketing Satellite Phones
- Teleport earth stations
- VSAT Earth Stations
- Community cell towers and Trunking Connections
Here is a list in case someone wants to go crazy. No brother, they got you, better pay attention or you can go to jail.
Article 3. Obligation to preserve data and information.
Actors obligated by the current Regulations must preserve the following data and information:
Here comes the list of data that these poor people are going to have to save for when the Sandinista Police show up and ask for the USB.
- Data needed to trace and identify the origins of a communication:
1) In terms of landlines and cell phones:
i) the number of the phone that originated the call
ii) The full name, ID card number, and address of the user of the service, when the number of origin is within the same network.
2). In terms of internet access, email by internet and internet phone (VoIP):
I) identification of the user and/or assigned location
ii) Identification of user and/or location and phone number assigned to each communication that accesses the public phone network; and
iii) the name and address of the user of the service and/or facility to which he was assigned at the moment of the communication, an Internet Protocol (IP) address, identification of the user or phone number
iv) Information about the communication Protocol used in the service and number of the communication port.
2. Data needed to identify the destination of a communication:
1) In terms of landline and call phone:
i) the number or numbers dialed (the destination number or numbers), and in those cases where other services intervene, like the redirection or transfer of calls, the number or numbers to which the calls were transferred; and
ii) complete names, numbers of ID documents, and addresses of the users of the service, when the destination numbers are within the same network.
2) In terms of internet email and internet phone (VoIP):
i) identification of the user or the telephone number of the destination or destinations of an internet phone call; and
ii) the full names, numbers of ID documents and addresses of the users of the services and the identification of the destination user of the communication.
iii) Information about the communication Protocol used in the service and the number of the communications port.
3. Data needed to identify the date, time and length of a communication:
1) In terms of landlines and cell phones. The date and time of the beginning and the end of a connection;
2) In terms of internet access, email and internet phone (VoIP):
i) the date and time of the connection and disconnection of the internet access service, based on a certain time zone, as well as the Internet Protocol address (IP), be it dynamic or static, assigned by the Service Provider, as well as the identification of the registered user; and
ii) the data and time of the connection and disconnection of the electronic mail service or internet phone service, based on a certain time zone.
4. Data needed to identify the type of communication:
1) In terms of landlines and cell phones: the telephone service used, and in terms of internet email and internet phone: the internet service used.
5. Data needed to identify the communication equipment of the users or what is considered to be the communications equipment:
1) In terms of landlines: the origin and destination phone numbers
2) In terms of cell phones (voice and data):
i) The origin and destination phone numbers
ii) The international identity of the mobile subscriber (IMSI) of the party making the call:
iii) the international identity of the mobile equipment (IMEI)of the party making the call:
iv) the MAC address (Media Access Control) of the equipment
3) In terms of access to internet, email and internet phone
i) the telephone number of origin in the case of access through dialed numbers; and
ii) the digital line of the subscriber (DSL) or other identifying terminal point of the author of the communication.
iii) the MAC address (Media Access Control) of the equipment
6. Data needed to identify the location of the mobile communication equipment
1) The location label (cell identifier) at the beginning and end of the communication; and
2) the data that allows setting the geographic location of the cell, through reference to the location label during the period in which the communication data are saved.
7. Data that operators must preserve and provide who provide community cell tower services and trunking connections.
1) Operation frequency assigned to the user
2) Tone records assigned to the user
3) Identification numbers assigned to the user
4) Record of groups used in trunking communications
5) Equipment serial numbers supplied to users
6) Data that would identify the tower and/or channel where the user´s equipment connects
7) The data that would allow to set the geographic location of the mobile equipment, through reference to the assigned ID.
Companies are going to give the Sandinista Police all the data of those who make or receive a (any) call, as well as those who surf on internet. And when I say all, I mean ALL. Technical and administrative: IP address, antenna, protocol name and address of customer and any addition metadata (time, date, length, etc.).
Sounds terrifying, but wait for this upcoming analysis, where I explain to you exactly how much of this is truly dangerous.
Article 4. General Rules for the preservation of data and information.
Obligated actors will adopt the necessary measures to ensure that the data specified in article 3 of these regulations are comprehensively preserved, to the extent that they are generated or treated, within the framework of the provision of telecommunications services of which it deals.
In no case will the obligated actors be able to use or take advantage of the data and information generated by their users for purposes different from those established in Law No 1042 “Special Cybercrime Law” and other legal norms.
The data and information preserved in accordance with what is mandated in the current regulations, will only be able to be provided to the National Police or Public Prosecutor, in accordance with the dispositions of Law No 1042 “Special Cybercrime Law”, without affecting what is established in Law No 735, “Law for the Prevention, Investigation and Persecution of Organized Crime and the Administration of Seized, Confiscated and Abandoned Assets,” their regulations and other Laws in this area.
Article 5: Period for the preservation of the data and information
Obligated actors must preserve the data and information indicated in the present regulations for a period of twelve months calculated from the date on which the communication was produced.
Saving this information for all their clients for one year implies an important investment in storage. Likewise, I would not be surprised that one of the brats of the Massacrator is in the business of selling hard drives for servers.
In addition, the regulations say that the information cannot be used for anything other than that we are going with everything [1] on the part of the Sandinista Police.We will see if CLARO restrains itself from using that data to do business.
Article 6. Registration of prepaid users
Operators that activate mobile phone and internet services under the prepay modality, must maintain an updated registry of each user, which would include as a minimum: full name, nationality and address of the user, number and type of identity document and code or number of the assigned line.
This registry must be kept updated and preserved for at least during the period indicated in article 5 of these regulations, and must be immediately provided to TELCOR-Regulating Entity, when so required. Likewise, it must be available to the National Police or Public Prosecutor.
They also want the storefronts that sell pre-paid chips to keep for one year the resume of those who buy those SIM cards.
Article 7. Sanctions
Disregard or non-compliance of the dispositions of the current regulations on the part of obligated actors will result in the opening of the respective punishment procedure, without affecting other sanctions established in other laws.
These orders of the Massacrator patron are not optional. If you don´t pay attention, be ready to face the consequences.
Official analysis of the TELCOR regulations
I am sure that this is just the first of several regulations that are going to be coming out of TELCOR from the Batrachian Kingdom[2], to try to bring to a complete stop those who dare to have an opinion contrary to the crimes-against-humanity immoral attitudes of the Commandante.
It is also clear that the aim of such beautiful sentiments are principally the Telcos (large telecommunications companies), but the storefronts, modules in Metrocentro Mall, [cell phone] shops of Plaza España, etc. will also have to acknowledge this, because they are also going to be required to maintain a registry. It is still not clear whether they are going to be obliged to register themselves.
The information that companies must keep on their clients is basically everything that exists. Even more, beware TELCOR is asking for more than what the companies have, and then they will have to update the forms that they ask their clients to fill out.
No matter, the truth is that with all this information the Sandinista Police are not going to be able to do much, because internet today is monopolized by 4 or 5 applications, and all them are encrypted by default.
In plain Spanish, this means that your conversations on WhatsApp are completely invisible for your internet provider and therefore also for the Police.
What good does it do the Massacrator to know that all of Nicaragua spends all day raking him over the coals on Facebook, if he cannot see anything that goes on there.
Yes, everything that is not encrypted, better realize that it is in the hands of the Police. This includes normal text messages (SMS), voice calls, emails based in Nicaragua (let´s say those from your university, if you are not using a provider in the cloud).
But if you use Gmail (or Hotmail, if you are more than 50 years old) to send and receive emails, or WhatsApp to make calls and share messages, well you are shielded.
To finish, remember what I told you last time about the cybercrime law. It is true that a lot of the technical part that that law talks about is virtually impossible for the batrachians. But do not underestimate the power that a paramilitary has and the rifle but of an AKA, when they have you in front of them, you with your phone in hand, refusing to give them the password. In that situation, that animal is a better hacker than the Russians.
[1] Readers in Nicaragua would immediately recognize this phrase as the wording Rosario Murillo used to order the police and Sandinista followers to attack the protestors of April 2018.
[2] Opposition social media refers to Sandinista supporters as “sapos” or frogs or batrachians.