The Dutch Authority for Digital Infrastructure (RDI) has investigated the security of Odido’s wiretapping system and concluded that several components didn’t meet legal requirements. Therefore, the RDI has imposed a fine of €1,518,750. The risks of unauthorized access to the internet service provider’s wiretapping system have now been eliminated.
The RDI investigated Odido’s wiretapping system in 2021 and 2022. Researchers have now concluded that the security of the internet service provider’s wiretapping system was insufficient in several ways.
For starters, the probes showed that Odido didn’t have a security plan, something that's legally required. A security plan describes what measures are being taken to secure the wiretapping system and is, therefore, essential.
A second problem researchers found is that personnel with access to the wiretapping system had not been properly screened.
“Many of them lacked adequate job descriptions, a signed confidentiality agreement, or a Certificate of Good Conduct. Individuals not responsible for processing wiretapping data also had access to the data,” the RDI says in a press release.
Lastly, the investigations showed that the security of the digital access to the wiretapping system was inadequate. As a result, suppliers had access to the wiretapping system, which meant they could potentially gain access to state secrets and criminal information.
The RDI has imposed a fine of around €1.5 million for these infringements. Odido has since upgraded its wiretapping system, eliminating the risks of unauthorized access.
A wiretapping system contains information about individuals or organizations being tapped. This occurs when communications from individuals or organizations, including telephone conversations, emails, or text messages, are intercepted.
A wiretapping system contains sensitive information, including state secrets and criminal information. That’s why eavesdropping digitally is only done under strict conditions and only if the Public Prosecution Service or the intelligence and security service gives the order to do so.
Because the data being stored is sensitive, wiretapping systems are subject to strict and legally imposed security measures.
Last year, Vodafone also received a €2.25 million fine for not meeting several legal requirements to secure its wiretapping system.
Unlock exclusive Cybernews content on YouTube
Your email address will not be published. Required fields are markedmarked