On April 8, 444.hu’s curious and internet savvy journalists, while looking at the government’s website where citizens can fill out the infamous “Stop Brussels” questionnaire, discovered that “personally identifiable information” (PII) is being passed on to Yandex’s Russian servers.
First, a few words about Yandex, a Russian multinational company specializing in internet-related services. It is the largest search engine company in Russia. It also performs services similar to those of Google Analytics, but it can perform certain additional tasks that Google doesn’t (and won’t): with a special setting it can collect “personally identifiable information,” a feature that is described by experts as marking the difference between capture and spying.
Citizens who choose to answer the Orbán government’s moronic questions online must give their full names, e-mail addresses, and age. Although the website assures respondents that their personal information is safe, that it is not given out to a third party, it is clear from the source code that this is not the case. Thus, what Antal Rogán’s propaganda ministry, which runs the website, did was against the law. But that’s only one of the many problems connected to using Yandex.
It is well known in internet technology circles that Yandex passed information to Russia’s state security service, FSB, back in 2011. Yandex also has a service similar to PayPal, which the Russian blogger Alexey Navalny used for donations he collected for an anti-corruption website. Yandex passed the names of the donors on to the FSB. It is also well established that in Russia there is no such thing as data protection. Any information Yandex and other Russian internet service providers collect is readily accessible by the security services. Therefore, Yandex is almost never used in western democratic countries. That the Hungarian government opted for Yandex lends additional credence to the hypothesis that Viktor Orbán, for one reason or another, is beholden to Vladimir Putin. He never misses an opportunity to give preferential treatment to Russian companies.
It didn’t take long after 444.hu made its finding public for the capture code to disappear from the site’s page source code. The discovery of the Yandex connection had to be embarrassing to the Hungarian government. Moreover, the removal of the capture code signaled that this was not just an innocent mistake or an oversight. It took the government a whole day to try to explain away Yandex’s capture code. They didn’t succeed. The statement concentrated on questions that had nothing to do with the problem at hand. For example, it claimed that “personal data and the opinions expressed are stored in a closed and unconnected manner.” In taking the capture code down, the government only wanted to avoid “malicious misinterpretations” in the future.
The conservative mandiner.hu rushed straight to Yandex. Its president, Victor Tarnavski, argued that Yandex is really not a Russian company, a dubious claim considering that the company’s headquarters are in Moscow. He said that the data most likely ended up in Yandex’s data center in Finland. He added that it is “the duty of our clients to check the mode of capture.” The special function that allows the capture of personal data must be set by the user of the code–in this case, the Hungarian government.
Not surprisingly, the opposition parties were up in arms and demanded to know more. Zsolt Molnár (MSZP), chairman of the parliamentary committee on national security, indicated on Sunday, April 9 that he would ask questions about the case from the military and national security experts present at the regular Monday meeting the following day. Bernadett Szél (LMP), a member of the committee, asked the head of the Military National Security Service about the Russian code. He informed her that this is a domestic matter and he has nothing to do with it. Then Szél turned to the head of the Office for the Defense of the Constitution. Before he could answer, the deputy chairman of the committee, Szilárd Németh, abruptly got up and left the room, to be followed by all the Fidesz members of the committee. Thus, the committee no longer had a quorum, and the questioning had to be stopped. Szél was especially outraged. She said “apparently the prime minister of this country is no longer called Viktor, but Vladimir.”
In the wake of the scandal over the Russian code and the subsequent fiasco in the committee, leading Fidesz politicians treated the public to a series of ridiculous pseudo-explanations. Lajos Kósa said that “we don’t want to make a secret of how many people responded. This is not a secret even if Vladimir Putin himself counts them in the loneliness of the Kremlin.” He also expressed his surprise at the outrage of the opposition members of the parliamentary committee, saying that “when we say that the meeting ends we leave, but otherwise the opposition can shoot the breeze as much as they wish.”
As far as the government and Fidesz are concerned, we’ve reached the end of the story. However, Attila Péterfalvi, head of the Authority of National Data Protection and Information, is investigating the case.
Magyar Idők must have thought they were very clever when they ran a short article with the title “444 is spying.” They discovered that 444.hu, the internet news site, uses Google Analytics (just as Hungarian Spectrum does). The government mouthpiece wanted to know why 444.hu can follow its readers with “an American spy program.” This description of Google Analytics came from a right-wing blogger who claimed that Google, Facebook, Yahoo, “and practically all American internet providers report to the CIA, the NSA, etc.” So, what’s the problem?
I have no idea, of course, whether any personal information reached a data collection center in Russia. If it did, what could the Russian government do with such information? One thing that comes to mind is that they could construct a database (or add to a database they already have) that would allow the Russian propaganda machine to target Orbán voters, who are most likely susceptible to pro-Russian disinformation and propaganda. Given Russia’s passion for cyber warfare, disinformation, and propaganda, this hypothesis is within the realm of possibility.