Russia's latest internet law proposal - anti-NSA, or pro-FSB?

Filed Under: Featured, Law & order

Russian computer. Image courtesy of ShutterstockRussia's parliament, the State Duma, has heard another internet freedom bill requiring foreign web firms to host any data on Russia citizens within Russia's borders.

This would mean the likes of Google and Facebook would need to set up datacenters within Russia and redesign their operations so that individual user data would only be stored inside the country. Failure to do so could mean the site being blocked to prevent Russians using it.

If the proposal is accepted by the parliamentary process, it would give companies until September 2016 to comply.

The reasons behind the move remain a little vague, but Liberal Democrat politician Vadim Dengin, one of the bill's main proponents, has been quoted by local press as claiming that data on Russians stored by web services "can be used against the country as well as against a specific individual".

It seems likely that the bill is at least in part a response to the massive worldwide internet snooping carried out by the NSA and other intelligence agencies, aiming to minimise foreign spies' access to information on what Russians are up to online.

But it will also give Russia's own intelligence services much easier access to data on its own citizens, avoiding the need for complex and potentially controversial efforts to snoop on foreign-based datacenters.

Russia has been gradually chipping away at online freedom and anonymity for a while now, mainly in the name of combating extremism, but their efforts have been seen by many as attacks on dissenting voices opposed to the ruling regime.

Recent moves include requiring bloggers to register themselves and conform with openness requirements, and demanding internet firms share detailed information on their users with law enforcement whenever requested to do so.

A prominent Russian politician has also recently called for David Cameron-style web content filtering to protect sensitive Russian youth from decadent Western adult material, seen by many as a clear move towards censorship and another brick in Russia's emerging China-style "great firewall".

Last year's Winter Olympics also saw an upturn in monitoring of foreign visitors to Russia and how they used the web and phones.

This latest move may well prove problematic for web firms, who would face the choice between the massive logistical effort and financial input required to relocate their data into Russian territory, and to filter the transfer, storage and analysis of data appropriately, or risk losing access to Russia's huge online population.

Indeed much of the criticism the bill has so far faced from within Russia has been on economic grounds, arguing that the requirements of the bill would be too costly for internet firms to be workable.

The cost to Russia of further separating itself from the online world could be even higher though, both financially and socially, if it finds itself shut out of the ever-growing global digital economy thanks to its isolationism.

The cost to the world could be high as well, with Russia already a major source of online crime, recently cited by a leading UK police official as the biggest cybersecurity threat to Europe.

Hackers will always find a way around connectivity and anonymity hurdles put in their way, if there's enough money to be made, and any further damage to international relations and impediments to tracking down crooks will inevitably lead to an increase in criminal activity.

The internet needs openness and freedom to do its job of connecting the world. Trying to fight its influence with censorship and regulation is not good for anyone.

Image of Russian flag on keyboard courtesy of Shutterstock.

, ,

You might like

12 Responses to Russia's latest internet law proposal - anti-NSA, or pro-FSB?

  1. Anonymous · 427 days ago

    So if I'm not in Russia, and I'm "friends" with someone in Russia so I can see their data (and the person wants it that way), the data's going to be transferred outside of Russia. Does the bill even account for that?

    • A Nonny Mouse · 427 days ago

      Russia at the moment doesn't seem to want its citizens to be friends with foreigners. It doesn't want them to travel, and it doesn't want them to work overseas.

      For me, this is particularly scary as my best friend is Russian, and going home soon. It terrifies me to think of the hoops I might have to jump through if I ever want to see her again.

      • Numberfive · 423 days ago

        It doesn't look like that from within Russia. Nothing is limiting my freedom or capability to communicate \ connect \ travel how I want.
        So your opinion of a person who has no clue about what is going on (or not changing at all lol) isn't really worthy.

    • It says "stored", so technically it would just mean you access the data from Russia. Although "stored" could just be John's interpretation and it covers send/receive too?

      It kind of makes sense. Keep user's data in the user's country, so it abides by the laws of their home. Problem is, if the NSA and the likes want it they will get it. No matter where it's stored... even a great firewall could be physically bypassed, if not broken through.

      • Eve · 424 days ago

        good point, Russian govt doesn't get the point of cloud technology

  2. Someone Else · 424 days ago

    Can you actually blame russia for wanting systems holding data about their citizens to be situated inside their own country. Isn't this exactly what many western enterprises are doing before trusting cloud providers with sensitive customer data? ( demanding it be hosted onshore and in county) Maybe it isn't practical, but props should go to Rrussia for trying.

  3. Eve · 424 days ago

    What happens if a company stores user data encripted and protected the way the __data can't be accessed__ even by company employees? In this case a __web firm just doesn't know___ is this a data on Russia citizens.

    I'm working for the company that intends to be a game changer with the way of storing data I described above.

    To me it's not clear what should we do about this law.

    • Numberfive · 423 days ago

      In your case - data availability is the problem.
      How can you ensure that data will be always accessable to user? What if goverment of your country will decide that it is forbidden to provide services to the specific country? Will you comply with your local regulation?
      If data will be hosted locally in Russia, you will not have an ability to restrict access to it.

  4. LonerVamp · 424 days ago

    Yeah, if FaceBook wants to be based in the US, and complies with Russian law, all the US needs to do is say, "Route some of your backups here or we'll fine you whatever," and that'll be that.

    Hard to fault a major national government from doing this. The US probably would if we thought we could get away with it or word the law in a way that matters.

  5. Spryte · 424 days ago

    It was only a matter of time that some government would respond in kind.
    Unfortunate as it only lead to a less open internet.

  6. Randy · 424 days ago

    I'm sure the NSA is already registering and incorporating a dummy "social media" company and would be glad to install servers in Russia and have their people manning the keyboards. This is like a dream come true for them.

  7. Anonymous · 11 days ago

    I hear that this has been pulled forward to be effective on 1st September this year?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.