Infrastructure

The story is, on paper, narrow. Solvinity, the Dutch contractor that operates infrastructure underneath Logius and DigiD, looks set to be acquired by Kyndryl, an American spin-off of IBM’s managed-services arm. DigiD itself remains owned by the Dutch state via Logius, so technically the system is still Dutch. Politically and operationally, the distinction does not calm many people down. A rented engine room is still part of the ship. Across Europe there has been a push for “digital sovereignty”, meaning less dependency on American hyperscalers and infrastructure providers after years of quietly outsourcing half the state to Silicon Valley with the serene confidence of a man juggling chainsaws because the first three catches worked out fine. ...

Once upon a FOIA, a group of researchers got their hands on 2,000 pages of bureaucratic bedtime reading from Serbia’s data protection overseers. Their aim? To expose the country’s surveillance architecture. Spoiler: it’s less Big Brother, more “nosy landlord with a master key to every flat”. Here’s what they found: Metadata mania: Every call, text, and pixel of mobile data generates metadata – and Serbia’s telcos are required to store it all for 12 months. That’s every call you’ve made, every base station you’ve connected to, and even what phone model you’re using (yes, they know your burner’s a Nokia 3310). Who’s watching?: The police, civil spies, military spies – all lining up at the metadata buffet. Some go through official channels (paperwork, court orders), while others are gifted magical software logins with unlimited access to the nation’s digital exhaust pipe. Who needs due process when you’ve got root access? Slightly illegal hobbies: In a fun twist, one carrier just hands over everyone’s metadata to the intelligence agency daily. Another gave the same spooks a direct line into their data centre. Both activities have the same legal standing as Monopoly money – i.e., none – and violate both Serbian and international law. And what is law if no one enforces it? Wiretapping 2.0: Classic phone tapping’s had a glow-up. Now it’s called “interception of electronic communications” and comes with a healthy dose of legalese and plausible deniability. Telcos are even required by law to buy spy gear and hand it to the intelligence agency. Then they get to pay for the maintenance, too. Talk about state-sponsored gaslighting. Geo-stalking as a service: Thanks to cell towers and triangulation, your phone’s location can be pinpointed in real-time. This info is happily made available to state organs, complete with bespoke tracking devices and BIA’s sole discretion. If you thought you were off-grid, surprise – you’re on three grids at once. Conclusion In Serbia, surveillance isn’t just a tool – it’s an entire shadow industry, built into the very bones of mobile infrastructure. The lines between legal oversight and unchecked spying are not so much blurred as enthusiastically redacted. And while mass surveillance is technically illegal, all the loopholes are working overtime. ...