Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Communications Encryption Privacy Businesses Government Media Network Networking Security Software The Internet Technology

Russian Bill Requires Encryption Backdoors In All Messenger Apps (dailydot.com) 207

Patrick O'Neill quotes a report from The Daily Dot: A new bill in the Russian Duma, the country's lower legislative house, proposes to make cryptographic backdoors mandatory in all messaging apps in the country so the Federal Security Service -- the successor to the KGB -- can obtain special access to all communications within the country. [Apps like WhatsApp, Viber, and Telegram, all of which offer varying levels of encrypted security for messages, are specifically targeted in the "anti-terrorism" bill, according to the Russian-language media. Fines for the offending companies could reach 1 million rubles or about $15,000.] Russian Senator Elena Mizulina argued that the new bill ought to become law because, she said, teens are brainwashed in closed groups on the internet to murder police officers, a practice protected by encryption. Mizulina then went further. "Maybe we should revisit the idea of pre-filtering [messages]," she said. "We cannot look silently on this."
This discussion has been archived. No new comments can be posted.

Russian Bill Requires Encryption Backdoors In All Messenger Apps

Comments Filter:
  • Oh, the irony! (Score:5, Insightful)

    by Anonymous Coward on Monday June 20, 2016 @08:35PM (#52356709)

    Oh dear, this is ironic. Russia is a haven for online criminals, something they really ought to crack down on. Instead of pursuing actual criminals, they're looking to reduce the privacy of people who haven't done anything wrong. What a screwed up country!

    • Oh dear, this is ironic. Russia is a haven for online criminals, something they really ought to crack down on. Instead of pursuing actual criminals, they're looking to reduce the privacy of people who haven't done anything wrong. What a screwed up country!

      That is what one gets when one's President is also controls the organized crime groups. Putin might just be the first head of State who is also an active mob boss. Not just a mob boss. The mob boss.

  • by haruchai ( 17472 ) on Monday June 20, 2016 @08:35PM (#52356713)

    messaging apps

    Fixed that for you

    • At a minimum they are being more honest the the US.
  • Does not seem to matter what country you are in. They all want to know.
  • by Corwyn_123 ( 828115 ) on Monday June 20, 2016 @08:57PM (#52356815)

    To any country that makes encryption either illegal, or treats it as eminent domain for the government to have access to it's citizen's communications.

    This is the same crap the UK is proposing, and the same crap the US is trying to implement. It's time for the citizens, and thereby the private services providers, to stand up and say "No More!!!".

    • Re: (Score:2, Interesting)

      by Orgasmatron ( 8103 )

      Security, Liberty, Multiculturalism. You might be able to get 2 of the three, or just one. Never all three, not even once in recorded history, not even in myth.

      A multicultural society is necessarily a low trust society. Low trust societies are dangerous, even when monocultural. You can give up liberty in the pursuit of security, or give up security in the pursuit of liberty. History says that you won't get the one you want, even after giving up the one you are willing to sacrifice.

      If you want security

      • by Sique ( 173459 )

        If you want security and liberty, at a minimum, you must stop importing people that want to destroy your culture.

        Here is where your argument fails. Most people out to "destroy culture" (whatever that means) come from within. The foreign agent trying to destabilize a society is a cliché. Sure, they exist, but there are only a few of them. The main threat to a society are people being outcast for what reason ever (economically, culturally, for religious reasons) and try to get revenge for feeling outcast.

        It's the same misconception with most crimes. The people most likely to kill you are yourself, your parents, y

        • All the more reason to lock your doors. Your house is already quite dangerous enough.

          • by Sique ( 173459 )
            It won't lock out anything really dangerous though. That's like being stabbed with a knife and deciding to stop drinking.
            • I am unable to fathom what point you are trying to make here. Feel free to try rephrasing it, but I doubt you'll get very far. The line you are on (or at least were on earlier) is self-refuting. No one who says that we should ignore risks that we can manage because there exist other risks that we cannot, actually lives like they believe it.

              Do you wear your seatbelt? Lock your doors? Live in a good neighborhood? Do you avoid biker bars? Do you have handrails on your stairs? How about a railing on you

      • If you want security and liberty, at a minimum, you must stop importing people that want to destroy your culture. History suggests that you'd better

        At one point, in US history, Chinese immigrants were looked upon as "destroying US culture." At another point, Irish immigrants were the folks to ban ("Irish need not apply" signs in windows). We even, in one sad time in US history, locked up everyone of Japanese descent because we were at war with Japan and feared they'd side with the enemy. There is always

        • You do know that we are at historic levels of immigration both in absolute numbers and in percentage of the population, right? And that no one has any idea how to "melting pot" this many people?

          You'll notice that a lot of these Sudden Jihad Syndrome cases involve 2nd generation immigrants, people that look at their parents with scorn for having integrated and who are more interested in the culture of their grandparents than in ours. Remember that time when the son of a Chinese immigrant shot 100 people fo

    • To any country that makes encryption either illegal, or treats it as eminent domain for the government to have access to it's citizen's communications.

      This is the same crap the UK is proposing, and the same crap the US is trying to implement. It's time for the citizens, and thereby the private services providers, to stand up and say "No More!!!".

      Not even. The apps can be provided from non "insert country name here" located servers so it's up to "insert country name here" to block said services and deal with whatever voter feedback there is after.

  • by frovingslosh ( 582462 ) on Monday June 20, 2016 @09:09PM (#52356855)
    Those filthy dirty freedom hating commies. Now they are stealing out government's ideas!
  • by penguinoid ( 724646 ) on Monday June 20, 2016 @09:14PM (#52356871) Homepage Journal

    Free speech and privacy are viewed as terrorism here, too.

  • I firmly believe that any two adults should have the right to communicate privately as long as they are not convicted felons. I'm a mathematician. It blows my mind that anyone thinks it's reasonable to prohibit the use of math in speech. That said, I would love it if I could buy a phone which would allow me, a parent, to read the communications between my children and other people - not to keep them from becoming terrorists, but to protect them. Children don't have the same rights as adults for good reason
    • From experience (you being similar to my dad) I can tell you with some credibility is that all you will accomplish is that your kids will not only circumvent your attempt to sniff through their privacy, they will also not come to you in case something happens.

      Realize that your kids have WAY more time to break any and all attempts you can field against them than you have to secure them. Plus they have not only the internet at their disposal to do so but the aid of all their peers, who can gain a lot of prest

      • by vux984 ( 928602 )

        From experience (you being similar to my dad) I can tell you with some credibility is that all you will accomplish is that your kids will not only circumvent your attempt to sniff through their privacy

        You were likely more technically savvy than your parents.

        That doesn't generally apply to parents here, especially to a new generation of kids who just use the internet as a tool.

        The internet isn't really new anymore, and the adults here grew up with it and know it inside and out. Protocols and ports, routing and switches, and operating systems etc, etc...and the theory behind how it works. And the kids, unless that is their passion... like it was ours... don't know anything about it.

        • Kids in general have one passion: Circumventing whatever locks parents throw between their legs.

          But hey, more power to you. The insistence of my dad to invade my privacy contributed in no small way to making me the security expert I am today.

          • by vux984 ( 928602 )

            The insistence of my dad to invade my privacy contributed in no small way to making me the security expert I am today.

            I don't doubt it. That clearly applied to you. But if it were generally true, any child that had a snoopy parent would be a network security expert. And that doesn't pass any credibility test. And from my own experience with my kids, they just don't have a deep interest in it.

            If I were to monitor my kids, and they were to find out, I'm confident they'd adapt by just avoiding networks and devices I have control over in the future rather than try to engage in cat and mouse on our own network.

            Kids will find

            • The more likely escape route today would probably be to use devices you have no control over, like at school or with their friends. I didn't have that option, back then computers were still rare and a geek thing.

              • by vux984 ( 928602 )

                Precisely, i think 'our' generation had a rather unique circumstance. Computers were 'rare' and 'new' and changing rapidly, so our parents were likely to be less knowledgeable about them than the kids were.

                That doesn't generally hold true today.

                • Sadly, it does.

                  Parents today are no more likely to know the first thing about computers than ours did. The difference is just that they are more likely to have one.

    • Monitoring children, just like monitoring all people, has the same problem: you simply don't have time to sift through all irrelevant stuff. And there's no real way to determine what is harmful and what isn't. Most of things you'll find harmful will be so because of some kind of misunderstanding on your part and will make you look like a big idiot to your children. And you really can't do much upbringing if your children think you're an idiot. And if they decide to join some gang or something they'll find a
  • by jenningsthecat ( 1525947 ) on Monday June 20, 2016 @09:27PM (#52356909)

    Or should I re-phrase that as "because bogeymen"? I mean, really, how many terrorists attacks, anywhere in the world, have been prevented as a result of the privacy we've already been forced to give up?

    If terrorists didn't exist, governments would have to invent them, to justify their megalomaniacal policies. Oddly enough, Russia is (uncharacteristically) late to the party on this one - it seems that they're simply following the lead of the Free World. That alone should be a cause for serious concern among those ostensibly 'free' countries.

    • Or should I re-phrase that as "because bogeymen"? I mean, really, how many terrorists attacks, anywhere in the world, have been prevented as a result of the privacy we've already been forced to give up?

      More than you might think. The FBI does stings all the time and arrests people who want to commit domestic terrorism. I'm pretty sure that some of this has been found by exactly what you bitch about.

      I do just love (not really) negative logic on Slashdot where supposedly intelligent people argue that because something doesn't happen that it was never going to happen anyway when the fact that it hasn't happened may mean that it was prevented in the first place. For example, TSA screenings may actually

      • More than you might think. The FBI does stings all the time and arrests people who want to commit domestic terrorism. I'm pretty sure that some of this has been found by exactly what you bitch about.

        You may have a point, but I'm not convinced. As the AC who also responded to your post pointed out, the TLA's would be expected to publicize their successes at thwarting terrorism, yet we hear almost nothing. If you have citations, please provide them.

        The recent Orlando attacker didn't drive to the front gate of a US military facility in Florida and start opening fire. He went to a nightclub he was known to visit because he knew that the odds were high that nobody there would have a weapon that could stop him. Terrorists want easy targets with just about 100% chance of success. They're not looking for difficult targets where they may get stopped or caught.

        Let me give you some help with this. If you're going to choose a specific incident to make your case, it would be better to choose one in which the perpetrator very clearly chose his target for its easy accessibility and vulnerability, and not because he might

  • Messenger apps backdoor you!
  • Is ytalk a messenger app? What about IRC? Is encryption over ytalk and irc going to be banned? How?

    Is Russia going to yank these "apps" out of the public domain?

    The cat is not only out of the bag, but is riding the cows that have left the barn and the open gate in the field, and are headed toward the mountains to start their new society based on milking humans.

    --
    BMO

    • Is encryption over ytalk and irc going to be banned?

      I don't think that Russia is worried about the small minority of people who use ytalk and irc. They watch the news and news caster pound each other stupid talking about how social media (ie, forms of communications controlled by a single proprietary platform) is liberating populations from oppressive governments. Those are the communications the Russian government is afraid of. Popular ones.

  • by MobyDisk ( 75490 ) on Monday June 20, 2016 @09:54PM (#52356989) Homepage

    Russian bill: All messaging apps must have a backdoor that only Russia can access.
    US bill: All messaging apps must have a backdoor that only the US can access.
    EU bill: All messaging apps must have a backdoor that only the EU can access.

    Yeah, that'll work just great.

    • Build your messaging app with a API that other apps can hook into, and your custom app can do the encryption, sending encoded messages via the official app. (So these APIs will need to be banned: Twitter's API would also need to be banned, and indeed just about all the dynamic web.)

      • by q4Fry ( 1322209 )

        I have already built this API. Any TLA can query it. There is a small bug remaining: every message is translated into "dog".

        Sample Request:

        //message-decription.api/<your-tld>/<originator-id>/<recipient-id>?key=<your-api-key>&offset=<number>

        Sample Response:

        [{"date":"2016-06-17T04:16:42.540Z","message":"bark bark bark bark. bark bark. bark bark bark bark bark."}, {...}, ...]

    • What we actually need is:
      US law: US companies may not comply with russian backdoor requests; nor may they withdraw service from russian citizens. In other words, for a company headquartered in the US, it must be illegal for the US arm to fail to protect russian citizens from russian law. And then the 3 symmetric permutations.

      • by MobyDisk ( 75490 )

        ooooOOOOOOoooohhhh, I like that.

        (I want the ability to transfer a +1 from my post, down to any immediate child reply)

  • If you remember that little hubbub about Russia's attempt to block certain pages of Wikipedia, it failed only because Wikimedia set the HSTS; they simply expected to utilize the providers' MITM backdoors the way they did it with every other page that makes its way into the proscribed list (that gets added to regularly), but when the entire site went down with a big warning "forgery in progress, turn back now, you're not clicking through", they panicked and backtracked. But not for long. So here's a way out

  • It is ok. (Score:4, Funny)

    by ageoffri ( 723674 ) on Monday June 20, 2016 @10:08PM (#52357045)
    Russia only has theoretical encryption, so the Russian government is only planning for the future. This has no impact on current technology.
  • They're just pre-emptively ensuring they can continue to use US-made encryption for the foreseeable future.
  • by Thor Ablestar ( 321949 ) on Tuesday June 21, 2016 @01:38AM (#52357575)

    Messengers encrypt YOU!

    Being a Russian I just don't beeping care. And maybe I'm even glad that this bill is proposed, because it means that all the official messengers (I mean: companies that provide messenger services using closed source software) will be compromised and the only messengers that are trustworthy will be the open source decentralized ones having no central authority that can be fined.

    In such conditions the maximum fine would be 5000 Roubles (less than US$100) which means that the expense of collecting the evidence would not pay up. It's just impossible to interrogate everybody whose traffic comes to some nonstandard port, and it's impossible to prove that it's a messenger and not anything else.

    Also I hope that any software that used the outdated HTTP(S) and HTML protocols which have so many builtin security holes will be compromised at last and the only programs that survive would have no such thing as web page phenomenon and correspondingly site phenomenon. For instance, Freenet now supports something like a webpage. But it edits out anything that could be dangerous. RetroShare just has no web page. It displays web links but you should copy them to the browser with full understanding for your actions.

    Please understand: This bill is neither Putin's nor the FSB/KGB initiative. The FSB works stealthly. It's the initiative of parlamentaries who propose the laws that just cannot be observed.

  • Dear Russia (Score:4, Funny)

    by Hognoxious ( 631665 ) on Tuesday June 21, 2016 @02:25AM (#52357657) Homepage Journal

    Fuck off, fuck off, fuck off.

    Signed,
        Wales.

  • by Max_W ( 812974 ) on Tuesday June 21, 2016 @02:39AM (#52357691)
    What I heard from E.Snowden makes me believe that all messengers have got a backdoor as a part of some project with a name something like Flying Eagle.

    If it was possible to monitor communications of Bundeskanzler and Président, then run-of-the-mill messengers and smartphones should not be a challenge.

    The question is not about backdoors, but who would hold keys.
  • A few lines of javascript, crypto_js and a simple message relay written in PHP (which can be hosted anywhere in the world) is all you need for a secure messaging app. On the phone side, all you'd need is a web browser that can run standard javascript. On the server all you need is something like PHP (any language will do here: even a CGI script written in bash would suffice).

  • A quote from 'V for Vendetta", Cruelty and injustice...intolerance and oppression. And where once you had the freedom to object, to think and speak as you saw fit, you now have censors and systems of surveillance, coercing your conformity and soliciting your submission. How did this happen? Who's to blame? Well certainly there are those who are more responsible than others, and they will be held accountable. But again, truth be told...if you're looking for the guilty, you need only look into a mirror. I kno
  • ... seems to be okay for russia as well.
    No surprise here.

    Stop surveillance. Worldwide. For everybody.

  • Anyone who hasn't seen "17 moments in Spring", doesn't understand the Russian attitude towards espionage and modern statehood. And no Russian Federation official has not seen it. It's the biggest cult-like movie in the modern russian language and it has contributed more to the modern Russian idiom than Casablanca has to the modern American English idiom. Putin openly modeled his political persona on the protagonist of this 12-part miniseries which is known to every russian. And the series (while it is s
    • Damn it... Sometimes I really hate the fact that you can't edit posts even though it stops the Orwellian post-fact changes. Well, at least, you should be able to edit if there has been no comments or ratings on the post. Every other markdown site allows it... You can always preserve the history of edits for viewing, anyway. BUT... obviously I made a mistake in saying that the series was set in the Fall... It's in the NAME. It's 17 moments in SPRING. It's set in the Spring fall of the Nazi Germany.
  • Easy, encrypt the real text traffic and provide a backdoor that generates innocent text generated by an AI. If the encryption is good, then the gubmint won't be able to prove that the spoofed text isn't the correct text.
  • Only amateur terrorists / criminals use encrypted Messenger Apps... knowing full well that not only the smartphones' OS/hardware platform itself is insecure, but that meta data is king in today's surveillance scheme, making encryption in that environment somewhat of an exercise in futility. Sophisticated groups hide in plain sight.

    Seriously, if a group really wants to hide from surveillance, they won't under any circumstances communicate their intentions, neither in the clear, nor encrypted, electronicall

Technology is dominated by those who manage what they do not understand.

Working...