And Russia is not the only nation going this route.
By Eva Galperin and Danny O’Brien, Electronic Frontier Foundation:
It’s been a rough month for Internet freedom in Russia. After it breezed through the Duma, President Putin signed the “Yarovaya package” into law—a set of radical “anti-terrorism” provisions drafted by ultra-conservative United Russia politician Irina Yarovaya, together with a set of instructions on how to implement the new rules. Russia’s new surveillance laws include some of Bad Internet Legislation’s greatest hits, such as mandatory data retention and government backdoors for encrypted communications—policies that EFF has opposed in every country where they’ve been proposed.
As if that wasn’t scary enough, under the revisions to the criminal code, Russians can now be prosecuted for “failing to report a crime.” Citizens now risk a year in jail for simply not telling the police about suspicions they might have about future terrorist acts.
But some of the greatest confusion has come from Internet service providers and other telecommunication companies. These organizations now face impossible demands from the Russian state. Now they can be ordered to retain every byte of data that they transmit, including video, telephone calls, text messages, web traffic, and email for six months—a daunting and expensive task that requires the kind of storage capacity that’s usually associated with NSA data centers in Utah. Government access to this data no longer requires a warrant. Carriers must keep all metadata for three years; ISPs one year. Finally, any online service (including social networks, email, or messaging services) that uses encrypted data is now required to permit the Federal Security Service (FSB) to access and read their services’ encrypted communications, including providing any encryption keys.
Opposition to the Yarovaya package has come from many quarters. Technical experts have been united in opposing the law. Russia’s government Internet ombudsman opposed the bill. Putin’s own human rights head, Mikhail Fedotov, called upon the Senators of Russia’s Federal Council to reject the bill. ISPs have pointed out that compliance would cost them trillions of rubles.
But now the law is here, and in force. Putin has asked for a list of services that must hand over their keys. ISPs have begun to consider how to store an impossibly large amount of data. Service providers are required to consider how to either break unbreakable encryption or include backdoors for the Russian authorities.
It is clear that foreign services will not be spared. Last week, the VPN provider, Private Internet Access (PIA), announced that they believed their Russian servers had been seized by the Russian authorities. PIA says they do not keep logs, so they could not comply with the demand, but they have now discontinued their Russian gateways and “will no longer be doing business in the region.”
Russia’s ISPs, messaging services, and social media platforms have no such choice: because they cannot reasonably comply with all the demands of the Yarovaya package, they become de facto criminals whatever their actions. And that, in turn, gives the Russian state the leverage to extract from them any other concession it desires. The impossibility of full compliance is not a bug—it’s an essential feature.
Russia is not the only nation whose lawmakers and politicians are heading in this direction, especially when it comes to requiring backdoors for encrypted communications. Time and time again, technologists and civil liberties groups have warned the United States, France, Holland, and a host of other nations that the anti-encryption laws they propose cannot be obeyed without rewriting the laws of mathematics. Politicians have often responded by effectively telling the Internet’s experts “don’t worry, you’ll work out a way.” Let us be clear: government backdoors in encrypted communications make us all less safe, no matter which country is holding the keys.
Technologists have sometimes believed that technical impossibility means that the laws are simply unworkable – that a law that cannot be obeyed is no worse than no law at all. As Russia shows, regulations that no one can comply with aren’t dead-letter laws. Instead, they corrode the rule of law, leaving a rusting wreckage of partial compliance that can be exploited by powers who will use their enforcement powers for darker and more partial ends than justice.
Russians concerned with the fall of Internet freedom, including the Society for the Protection of the Internet (IPI), have planned a protest in cities across the country on July 26. EFF will continue to follow the situation closely as it develops. By Eva Galperin and Danny O’Brien, Electronic Frontier Foundation
The ever vigilant Electronic Frontier Foundation also warned how the “ownership” concept in the US is changing – you just think you own the device you paid for. Read… Google Tells Customers “Ownership” is now an Illusion
Enjoy reading WOLF STREET and want to support it? You can donate. I appreciate it immensely. Click on the beer and iced-tea mug to find out how:
Would you like to be notified via email when WOLF STREET publishes a new article? Sign up here.
Much ado about not much.
Governments routinely violate privacy via the internet each day.
The “Yarovaya Package” will prove to be unenforceable.
It will strangle itself in bureaucratic tape. At most it will slow the flow of information to a snails pace, frustrating not only customers, but the government itself.
Although it is a golden opportunity for malfeasance through fraud.
I encourage you to read the relevant paragraph toward the bottom again:
“As Russia shows, regulations that no one can comply with aren’t dead-letter laws. Instead, they corrode the rule of law, leaving a rusting wreckage of partial compliance that can be exploited by powers who will use their enforcement powers for darker and more partial ends than justice.”
What it says: the fact that companies cannot comply and are thus in permanent violation of the law makes them immensely vulnerable to be exploited and pressured or even taken apart by the powers that be for whatever reasons they might have. In that situation, there is no rule of law.
Politics aside, all the mathematicians in Russia, must be doubled over in fits of laughter. As for the companies that can’t comply, they should simply shut down. Let’s see how that works out for the (insert Russian word for dumb asses here).
Russian word for dumb asses is Pindosi, this is how they call us.
The Rule of Law is a figment of our imagination. Governments, corporations, banksters, fraudsters, oligarchs and various other elites simply do as they please.
Everything they do is Legal. Everything we do is Illegal. How many elites occupy our massive prison-industrial compilex? The judiciary, legal profession, legislatures and executive branch are the cover elites use to make us think there is the Rule of Law.
Massive change is coming, you can see it, smell it and taste it. Whether this change will ultimately be good or bad for mankind is yet to be decided. It is up to us and the decisions we make today.
As far as Russia goes, there has never been the pretense of the Rule of Law. This helps explain high rates of alcoholism, suicide and corruption, and low birth rates, emigration and economic stagnation, despite tremendous human, mineral and other resources.
Those who respond to such threats with “so what” clearly do not remember Joe McCarthy or Richard Nixon.
“It is dangerous to be right in matters where established men are wrong.” – Voltaire.
I’m surprised that a country which is known for producing great mathematicians would pass such a nonsensical law. The methods of encryption are infinite and therefore the keys can be infinite in number as well. One of my math professors once said, “Never underestimate an algorithm that counts something.” It turned out to be the most important thing I learned.
The Russians will find out, like our friends in Utah, that capturing data and organizing data are two entirely different things. Nobody has the capacity to physically capture and organize all of it. It is just stupid. And on top of that, you can’t tell the difference between raw data and encrypted data anyway, so there is no way to tell if the data was encrypted at its origin. And on top of that, most computer generated encryption is easy to break anyway, so what’s the point?
Petunia, that a law is unworkable is not of any consequence to Putin or his thugs. It is still the law, and if you don’t obey it, they have an excuse to pull you in and work you over. That creates fear and paranoia. Stalin had books full of nonsense laws that allowed the NKVD and its successors to pull anyone in. That is how he kept control all those years.
I understand the politics, but the Russians have never needed a good excuse to arrest, torture, or murder anybody.
What they have done is pass a law that will make Russia the object of ridicule the world over. That’s the part I don’t get since Putin is trying hard to become a relevant world leader. Now he is backtracking into being just a Russian thug.
Russian leaders seem unable to make a decision that does not damage the interests of the Russian Nation, but then again it is run by the Russian Mafia. The population of ethnic Russians has been steadily falling for generations as the people sink deeper in despair. The authorities could hardly care less. The deep contempt of the Russian authorities for the Russian people shows in every decision they make. I don’t know where this will all end but it will not end well. I read the English version of Pravda ( http://www.pravdareport.com/ ) and it reads a lot like The National Enquirer; full of silliness and pseudo-scientific nonsense. That also does not bode well for their future.
Better include the UK in that then. They are going to pass law requiring encryption keys to be handed over. those not complying will be told to shut down…
Now that Opera was sold to China, I’m really worried about their free VPN. For real
Apart from the fact that corporations can be held responsible for their actions, how does this differ from the US.
The NSA bugs every internet and phone connection, OK, that might be illegal under US law, but they still do it, actually US law only applies to the proles.
The only difference I can see, is the Russians are making the Telcos pay the bill, whilst in the US, the money comes from taxpayers.
Absolutely, amazing that this article says it and doesnt recognise that it has.Quote:
“a daunting and expensive task that requires the kind of storage capacity that’s usually associated with NSA data centers in Utah”
Russia is just catching up, everywhere will do this from now on .
NSA, GCHQ, etc. Teresa Mays Super Snooper Charter, there is no one more snooped upon than the British Sheeple.
The state security apparatus in the US operates the same…only different.
They propose fealty to the Constitution and the rule of law, yet they do whatever they please from handing out “National Security Letters” to obtaining laughable FISA warrants to just plain paying Israeli security firms to sift the data and break codes and then paying for the information.
At least the Russians are telling you what they are going to do and not hiding their intentions like the NSA and CIA.
Unworkable laws, uncountable laws (and regulations) in the West and in Russia have only one sense: to lock you up whenever it pleases the ruling class. Of course Putin knows that the law is unworkable he is not an idiot.
(it gets worse before it gets better)
No matter how great our technological advances our basic underlying human nature remains unchanged offering more and more power to people who still have the instinct of primitive cavemen.
It is truly remarkable how much Big Business and Big Politics is dominated by the crudest primate instincts. We have to change this if we are going to survive as a species in the long ru.
Now you know what GMO technology is leading up to. Directed evolution is the next phase in human development. Unfortunately it won’t be done with the best interests of the average person in mind, as those who fund it will also be those who control it, and I’ll give you one guess who those are.
First they came for the encryption keys…
Lol! one zombified network can create enough network traffic in a week or two to fill all the computers and servers in Russia to capacity!