Proper control to prevent state authorities’ misuse of the Cybersecurity Act is one of the many suggestions made by people in an opinion survey carried out jointly by the Public Relations Department (PRD) and National Institute of Development Administration (Nida).
The poll was conducted on June 7-12 on 2,507 users of information technology aged 18 and over throughout the country to gauge their understanding of the Cybersecurity Act, which has been in effect since May 27.
Of the respondents, 26.71% said they fully understand the main objectives of the Cybersecurity Act; 55.58% said they are somewhat familiar with it, and 17.71% said they know nothing about it.
Asked through which media channels they learned of the Cybersecurity Act, 73.27% cited social media; 58.56% television news reports; 10.82% news on websites; 7.37% newspapers; 5.26% individual contacts; and 2.63% radio news reports.
The respondents who said they had a complete or partial awareness of the Cybersecurity Act. were then asked about their understanding of six major points in the law.
1. A huge majority – 94.80% – said they understand that the Act is intended to protect computer systems in the public and private sectors from cyber threats, while 5.20% said they do not know about this.
2. A majority – 72.87% – know the Act does not give state authorities the power to monitor and track social media users, while 27.13% do not.
3. A majority – 74.91% – know that the National Cybersecurity Committee (NCSC) is duty-bound to watch for possible attacks on the computer systems which concern public utilities, financial services and national security, while 25.09% do not.
4. A slight majority – 51.75% – do not know that in case of a non-critical level cyber threat they can petition for the cancellation of an NCSC order, while 48.25% know about this.
5. A slight majority – 51.05% – know that in case of a “critical” cyber threat the authorities are required to obtain a court warrant to search, impound and access a computer system, while 48.95% do not.
6. A slight majority – 51.87% – do not know that in case of a “crisis”-level cyber threat the authorities are not required to have a court warrant to search, impound and access a computer system but are required to do so after an operation, while only 48.13% know about this.
Asked to what extent the Cybersecurity Act would help provide protection against cyber threats, 53.80% said it would of some help; 23.10% said it would be of considerable help; 20.47% throught it would be of little help; 2.63% said it would not be of any help.
Asked whether the Cybersecurity Act would be an infringement on the rights and liberties of the people, 21.00% said “yes”; 24.09% said “no”; and, 54.91% were uncertain or had no comment.
Asked to provide suggestions regarding the implementation of the Cybersecurityn Action, 62.22% of the respondents said people should be educated about cyber security threats; 61.99% said proper control should be imposed to prevent state authorities from misusing the law; 56.84% said the authorities should be serious in implementing the law and impose high penalties against wrongdoers; 42.63% said there should be an independent agency to monitor the work of the law-enforcement authorities; and 0.53% said achievements from the implementation of the Cybersecurity Act should be reported to the public.