Who Scuppered the Launch of Digital Income Declarations?
This August weekend, which brought coolness to Kyiv, turned out to be quite hot for the Ukrainian government as the fight to launch internet-based income declarations for state officials is still ongoing.
Ukraine promised its international partners to launch e-declarations at 00:00 on August 15, 2016. We have gotten used to doing everything at the last moment. It appears that this time will be no different.
There is good motivation for being on time. The next $3 billion tranche of financing from the IMF, €1.2 billion of macrofinancial assistance from the European Union, World Bank money and a number of other financial assistance projects are linked to launching e-declarations. Finally, this launch is the last obligation for Kyiv to hopefully get visa-free travel for Ukrainian citizens to the EU.
Now we can be sure: the launch failed and the system won’t be launched on time. So now we are at a crossroads. Kyiv has two options: a bad one and a worst one.
The bad option is missing the deadline and violating Ukraine’s obligations to the West. The worst option is for Ukraine to launch the uncertified system on August 15. We will be told that the system was successfully launched. What would really happen is high-ranking state officials will get a backdoor for avoiding criminal responsibility for corruption.
The possibility of the second option is also quite high. And the question is whether the current acute phase is only a cover-up of a plan to launch the system in a sham format. Some of our colleagues are totally convinced of this. That is why after the question of ‘what should be done?’ we should not miss another question: ‘who is to blame?’.
European Pravda has enough documentary evidence to prove that the State State Service of Special Communications and Information Protection of Ukraine (SSCS or Derzhspetszvyazok) intentionally intervened to prevent the launch of e-declarations.
We are ready to publish some of the documents, proving the allegations against the SSCS. European Pravda is ready to publish them. We cover more details further in this article.
How Did the Special Communications Service Lie?
News appeared on Friday, August 12 that SSCS discovered bugs in the software and hardware for collecting and storing electronic income declarations of Ukrainian state officials filed via the Internet and refused to issue a security certificate to it. This complex wording means a simple thing: the launch of electronic income declarations failed.
It did not come as a big surprise. All experts knew at that the moment of the problems with the certification, as in early August 2016, the SSCS missed the first deadlines and the conflict became public. Recently the SSCS launched a media war using their website and Facebook page. Their arguments deserve some analysis.
Lie No. 1: System of e-filings is 60% ready. That is why it is impossible to test and assess it in order to issue a certificate
This argument is continuously repeated in the press-releases and media statements of the SSCS. "The software was presented only in three out of five elements stipulated by the contract. It is approximately 60% of the total amount of the project tasks which should have been completed by June 30," — states the SSCS [Ed.: unfortunately, the most recent update on the English version of the SSCS website dates back to May 17, 2016 at the time of translation of this article. That is why all SSCS links are to the Ukrainian version of their website].
This is a half-truth, a good old propaganda technique. Back in 2015 the plan stipulated by the contract was to launch the system initially with only three components: digital filing, secure storage and publication. The second module, i.e. processing and analysis, should have been added later after the initial testing.
Other government agencies are not authorized to grant access to their databases to the National Agency of Corruption Prevention (NAZK), which is responsible for administering the digital income filings of state officials, unless NAZK’s software is certified by the SSCS. And as we know, the SSCS now states that it is impossible to issue such a certificate unless the analysis module of NAZK software is ready, which in turn requires access to other government databases not owned by NAZK. This is a typical Catch-22 [Ed.: readers familiar with the Ukrainian language might be interested in viewing scans of the official documents in the original version of this article].
Lie No. 2: The NAZK contractor missed deadlines. Now SSCS is forced to issue a security certificate within two days, while a realistic timeframe is two months
The ‘two months’ argument was voiced by the head of the SSCS Leonid Yevdochenko at an open session of NAZK this Saturday and it came as a big surprise to all present.
Yevdochenko might not have been expecting an official letter he signed on July 5, 2016 to be leaked to the media. His approval text on that document reads "the schedule of developing a cybersecurity system is approved without reservations". According to the document the certification was to occur during August 5 — 12.
So when was Yevdochenko lying: two months ago, when he signed an official schedule, or now?
| || |
Then SSCS killed additional time for issuing the certificate to give themselves a pretext for claiming a ‘lack of time’. In the beginning of August 2016, then the deadline was already pressing, SSCS initiated a change of the contractor that should have conducted an expert examination of the product. SSCS forced NAZK to refuse services of independent experts and transferred the task to its subsidiary.
This move surprised the UNDP, which was in charge of managing the IT side of the project supported by Western donors. It also surprised the representative office of the European Union in Ukraine. Yet there were still chances to meet the deadline.
Yet this was not enough for the SSCS, which used the change of contractor they initiated and the resulting break, required for signing the new contract as a pretext to refuse accepting technical documentation from the developer until the bureaucratic procedures were done. It looked like SSCS had plenty of time to complete the testing.
Lie No. 3: Developers did not conduct independent testing of their system and failed to provide the required documents
This lie is the most interesting one. On Saturday the Internet was joking about the SSCS stating that the documents they were provided with "a lack the statement of completion of the testing, the statement of completion of the works on the cybersecurity system and the protocols of the preliminary testing".
The irony came when the developer of the system published three photos: a stack of folders that were provided to the SSCS and the title pages of two folders of the documents which the SSCS considered ‘missing’.
| || || |
In their next media statements the SSCS stopped whining about the lack of documents. Probably, somebody at SSCS finally decided to look at the stack of folders they received.
The lie about the lack of independent testing is even more interesting. In July 2016 SSCS was presented with the conclusions of the independent testing conducted by PricewaterhouseCoopers and TestLab2 — a specialized testing laboratory which is highly regarded by experts.
The representative of the SSCS had personally approved the conclusions of these companies as they became the basis for an interagency conclusion (approved by SSCS) on the readiness of the system.
PricewaterhouseCoopers might be more highly regarded by experts than the SSCS. While both organizations assessed different components of the system, the accusations voiced by SSCS regarding the lack of independent testing are absurd and deceiving.
Lie No. 4: SSCS discovered massive security flaws within the system
On Saturday at the open session of NAZK the chief of the SSCS was permanently caught lying. He also demonstrated ignorance of the procedures within his own agency. Nobody expected him to make any public moves after that. Yet, right after the session was over Yevdochenko made another false promise.
In front of the TV cameras Yevdochenko announced that the expert conclusion on refusal of the security certificate is ready (he had no other way — the refusal was announced on Friday) and guaranteed that the document will be provided to NAZK at 12:30 pm the same day.
The representatives of NAZK offered to shift the deadline until 14:00. Yevdochenko also promised that his experts will visit the NAZK or the office of the developers to demonstrate the ‘10 critical vulnerabilities’ of their software and swiftly correct them.
The clock was ticking: 13:30, 15:00... and nobody came. This is lie must be investigated by law enforcement because it could have cost our country a lot. When the document finally arrived at 17:00 it turned out that SSCS marked it ‘for internal use only’, which means the document cannot be read by the developers of the system.
It is difficult to understand why an expert conclusion regarding the unclassified documents should be marked ‘internal use only’, but our sources in SSCS tell us they always mark their documents this way ‘just to be safe’. Ok, but why then was Yevdochenko publicly making promises? It is a lack of professional knowledge or yet another attempt to paralyze the implementation of the digital income filings?
The worst of all is not the way in which SSCS was providing its conclusions, but their contents. Late at night on Saturday the developers, Miranda, finally could have a look at the documents.
It turned out that SSCS did not analyze the code at all. Yevdochenko’s statements that ‘the code is retarded and it can be hacked by almost anybody’ turned out to be bluff.
"The conclusion contains NO FEEDBACK on our software. All the remarks are related to the technical documentation which accompanies the product. Some of the criticisms are not without merit. If we received the expert conclusion on 14:00 on Saturday, as it was agreed at the public session of NAZK — the documents would have been corrected by now," Yuriy Novikov, the Director of Miranda wrote at 3:15 am on Sunday.
Yet SSCS decided to continue spinning the crisis out. When at 11:00 a team from Miranda arrived to the SSCS they had to wait at the entrance for an hour and then they were finally admitted inside — SSCS refused to provide them with any documents.
Who is to Blame?
The deadline to launch the internet-based income filings was missed. On Sunday, May 14 SSCS clearly explained that they are not going to issue a security certificate. Is the system really so bad or can there be other reasons?
Leonid Yevdochenko, the Director of SSCS deserves particular attention. PM Groysman had already announced an internal investigation of the reasons why the deadline was missed. It is hard to believe that Yevdochenko decided to block the launch of the e-filings by his own.
Major General of the Special Communication Corps Leonid Yevdochenko is 45 years old and worked in the SBU of the late Yanukovych era. He was dismissed and in Spring 2014 was restored in his position of the Director of the Center for Special Equipment and Forensic Examinations of the SBU. At that time, the SBU was the domain of the acting President Turchinov.
On July 1, 2015 Yevdochenko was appointed the Director of SSCS by the Yatseniuk Cabinet. Our sources among that cabinet tell that ‘this was a split decision’.
There is an interesting detail: Turchinov himself announced the new head of SSCS while the Statute of SSCS does not mention any relationship between the SSCS and the National Security and Defence Council which Turchinov was leading by that time.
The SSCS reports to the Cabinet of the Ministers. Yatsenyuk was Turchinov’s political partner but Groysman is not. Currently the PM looks more like Yevdochenko’s enemy, at the most acute stage of the conflict Groysman publicly promised ‘grave consequences’ for those responsible at SSCS and NAZK.
Another indirect proof that Yevdochenko is in Turchinov’s team are statements of the head of NAZK Nataliya Korchak who is also representing Turchinov. In most of the cases Korchak is defending SSCS even if her opinion contradicts the arguments of her experts.
During the now notorious public session of NAZK all representatives of Poroshenko were openly indignant about what was going on. None of them supported Yevdochenko. Finance Minister Danyliuk openly notified everybody that Ukraine is close to losing the next IMF tranche. Ruslan Radestkyi, NAZK member who represents Poroshenko, was also among the critics of the SSCS.
Launching the system in a test mode is the worst option. What it really means is that corrupt state officials will be able to avoid punishment. Yaroslav Yurchyshyn, the Executive Director of Transparency International offers the best explanation:
"If a state official is caught red handed — like he forgot to declare his private apartment in London and cannot explain where he got the money, the best memory cure for him will be two years in the prison, but he walks to the court and reminds us that the system is being tested and that he cannot be held accountable because this software is not working for real". So maybe that was the purpose of those who wanted to scupper the fully functional launch system?
On Sunday night, August 14, the head of NAZK Nataliya Korchak confirmed our worst fears and selected the worst scenario: she departed from her previous assurances that a system will be launched without data input unless the security and reliability of the data is confirmed and approved the launch of the system ‘as is’, i.e. without the security certificate.
At a press conference Ms. Korchak admitted: the launch ‘as is’ means corrupt state officials cannot be held responsible for lying in their income statements. Ms. Korchak didn’t explain the reasoning behind her decision.
Three members of NAZK voted to label Miranda, an independent contractor ‘the only culprit’ in missing the launch deadline. All three members are appointed on quotas from Turchinov and Poroshenko. They also did not protest against launching the system without a certificate.
What Shall We Do? Or ‘Reforms First, Donor Money Follows’
[Ed.: this is an abbreviated translation of the second article by the European Pravda on the subject of e-filings]
During the week after the failed launch Poroshenko’s website and his official Facebook and Twitter accounts were beaming with optimism: Greek Orthodox Savior of the Honey Feast Day with Instagrammed honey jars, Olympic victories of the Ukrainian team with colorful photos from Rio — this parallel reality looked like Ukraine did not fail one of its major international obligations to get Ukrainians visa-free entrance to Europe and heal the country’s economy and society.
The President was also reluctant to issue his position on the war between NABU and the Office of the Prosecutor General (GPU) which violently manifested itself with physical clashes between the employees of the two Ukrainian major anti-corruption and law enforcement agencies and all-night interrogations of NABU technical personnel by GPU prosecutors.
While being quiet to the media our sources tell that Poroshenko himself was involved in saving the situation with e-filings. Finally, on Wednesday Poroshenko ordered the security certificate to be issued by August 31, 2016. What led to this decision of the President?
The Unrest on the Pechersk Hills
On Monday morning, August 16, Oleksandr Turchynov, the head of the Security and Defence Council and the abovementioned ‘sponsor’ of SSCS Director Yevdochenko issued a media statement in which he personally promised "to create a new e-filings system" instead of the one, which the NAZK had already paid for. Apparently the Bloody Pastor [Ed: his nickname] is ready to moonlight and become the Chuck Norris of the agile web development.
The enemies of the e-filings were reinforced by the meager reaction from the West. The EU limited itself to a modest bureaucratic reminder about their previous statement regarding the necessity to launch the system in full.
Yet, important people inside Ukraine were also unhappy with the failed launch. PM Groysman promised to relaunch the e-filings and punish the people responsible for the failure. Vice-Premier on European Integration Ivanna Klympush-Tsintsadze called the failed launch ‘a government authorisation for officials to avoid showing their true income’.
Yet not all the protests were public. Our sources confirm that Justice Minister Petrenko listed numerous legal controversies which would arise out of the launch of the e-filings without proof of data integrity. Finance Minister Danyluik was more black and white: if the situation with e-filings is not solved within several days, then he will resign.
Yet the key argument which shifted the balance towards the real launch of the e-filings was not the pressure by the Cabinet, but the eventual reaction from the West.
‘The International Monetary Certificate’
On Monday evening Western diplomats finally realized that the situation is really dangerous and requires quick fixing. A brief but clear message appeared from the EU: ‘we are disappointed’. The question was discussed between Poroshenko and Donald Tusk on Wednesday. Also on Wednesday the EU finally issued a harsh statement by embassies of the EU member states and the diplomatic mission of the EU in Ukraine.
The EU statement is unprecedented in tone as Western diplomats usually avoid harsh statements, preferring diplomatic half-speak. It is also unprecedented by format as the authors managed to coordinate the position of ALL embassies of EU member states. The timing of the statement is also unique: usually ambassadors are on vacation in summer and they have to approve bold moves like this one.
On Thursday the IMF joined the criticism. Ron van Rooden, the IMF representative in charge of Ukraine sent a letter to Groysman, several key ministers and Nataliya Korchak of NAZK. The IMF was brief and clear: "without a security certificate the e-filings system won’t be considered fully functional and will cause failure of Ukraine’s obligations to the IMF according to the international assistance program which the IMF administers".
The international reaction gave no alternatives other than continuing the certification. So SSCS proceeded with working on the certificate despite their previous statements to the contrary.
Help from Within
On August 15 Yevropeyska Pravda published its controversial editorial in which it urged the world community to stop financial assistance to the Ukrainian government and the discussions on visa-free entry for Ukrainians. SSCS stated they need ‘two months’ to issue a certificate. This would have led us to the point of no return. For that reason, if we had a chance to reconsider publishing our editorial Yevropeyska Pravda would have done the same.
We were protesting not against visa-free entry for ourselves, but against lies and half-truths from the authorities. We hope Ukraine will successfully implement e-filings and, after all the drama, Ukrainians will have earned the right to visa-free entry to Europe.
Publications of the English version of Ukrayinska Pravda are not verbatim translations of the source publications from the Ukrainian or Russian language versions of our website. For the sake of clarity and editorial effectiveness our translators might take the liberty of shortening and retelling parts of the source publications. Please consult the text of original publication or the English editorial staff of Ukrayinska Pravda prior to quoting our English translations.