Russia Lawmakers Pass Spying Law That Requires Encryption Backdoors, Call Surveillance (dailydot.com) 109
A bill that was proposed recently in the Russian Duma to make cryptographic backdoors mandatory in all messaging apps, has passed. Patrick Howell O'Neill, reports for DailyDot:A massive surveillance bill is now on its way to becoming law in Russia. The "anti-terrorism" legislation includes a vast data-eavesdropping and -retention program so that telecom and internet companies have to record and store all customer communications for six months, potentially at a multitrillion-dollar cost. Additionally, all internet firms have to provide mandatory backdoor access into encrypted communications for the FSB, the Russian intelligence agency and successor to the KGB. The bill, with support from the ruling United Russia party, passed Friday in the Duma, Russia's lower legislative house, with 277 votes for, 148 against, and one abstaining. It now moves to Russia's Federal Council and the Kremlin, where it's expected to pass into law.
Unenforceable law is unenforceable (Score:5, Interesting)
Comment removed (Score:5, Insightful)
Re: (Score:1, Interesting)
What media exactly do Russians NOT have access to? BBC, Voice of America, DW, Euronews, Forbes, The New York Times/IHT -- all accessible in Russian and most have Russian language content. If you don't like the Kremlin's message -- shout louder, but they are letting you shout to your hearts content to the the Russian audience. The critique of the Kremlin is they control all the over the air channels and in a middle income country where cable penetration is like 1/4 to 1/3 the means the Kremlin has the loudes
Re: (Score:2)
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
You seem to have issues anticipating the future. Are you, in fact, a dog?
(On the internet, nobody knows you're a dog. Unless you post shit like that.)
Re: (Score:1)
Re: (Score:2)
The parents of idiots who spout shit like "Darwin's law will..." should be killed as punishment for not aborting when they had the chance.
Re: (Score:2)
claiming that this law is only a problem for Russia and needn't bother us here
Uh, I never claimed any such thing in my own comment so I have no idea why you're attributing that to me, please read my comment again since you see to be unclear on it.
Re: (Score:2)
Re: (Score:3)
Yes, it's going to be a problem for everyone, assuming it actually becomes a law, but as previously stated they don't seem to comprehend how the Internet works any better than politicians anywhere else do. Hopefully someone will point out to them that it just can't be done unless they really do
Re: (Score:2)
The problem is that you think of this from the point of view of a western government that plays fair, requires evidence and respects the rule of law (okay, you can stop laughing now). It's not that you can't get PGP and whatnot in Russia. It's that they'll bend the market so most people use services that cooperate with the government. Like Putin wants people to use vk.com instead of Facebook and China wants people to use Baidu instead of Google. And if you can't get them to use a local service, they'll blac
Re: Unenforceable law is unenforceable (Score:2)
There's one information missing here: Using an uncertified app is illegal now and you can be fined just for using it.
Re: (Score:2)
Re: (Score:3)
Selectively enforceable law is selectively enforceable.
TFTFY.
(You forget you're talking about Russia, where laws are nothing more than just a few of the tools which the State has at its disposal for dealing with folks it doesn't like. And "State" is just a convenient abbreviation for "Putin/oligarchs/mobsters/skinheads/bikers".)
Re: (Score:2)
They're not stupid. It's exactly what they want - for Facebook, Skype etc to withdraw, allowing local Russian companies (with servers in Russia, which are therefore subject to monitoring and blocking by Russian intelligence services) to fill in that void.
Re: (Score:1)
Re: (Score:2)
That's funny!
sounds right (Score:5, Insightful)
Re: (Score:1)
Ya, the USA is getting more corrupt with each passing day. Oh wait, were you referring to Russia??
You are joking, but yes, this will come to USA as well. Especially if Trump is elected. He wants your neighbor to slander on you if you act "out of the norm" (WTF is the norm?) Paranoia is winning and no one will be safe.
Re: (Score:2)
In Soviet Russia, joke explains Captain Obvious!
Re:sounds right (Score:5, Insightful)
Yeah, damn russians stealing our ideas again !
Oh, stop beating up Bill Clinton (Score:2)
Oh, come one, Bill Clinton [wikipedia.org] is not running for any office any more, stop beating him up.
Rest in peace, 148 against. (Score:1)
They will be missed.
Excellent! I await the response (Score:2)
Let's hope it's just as newsworthy. I expect to hear all about new technologies that can get around the problem.
Lets see how American .com's deal with this (Score:2, Interesting)
Will they cave, or will they stand tall? Because if they cave, the US and the world will follow Putin's lead.
Re: (Score:1, Insightful)
Re:Lets see how American .com's deal with this (Score:4, Insightful)
Will they cave, or will they stand tall? Because if they cave, the US and the world will follow Putin's lead.
They'll cave because, except for a small subset of companies, most don't really care what sort of encryption they use (or if they encrypt at all) because it won't be the companies that pays the price for their short-sightedness. Rather than risk losing out on the Russian markets, companies will obediently use the Russian-blessed encryption. When the inevitable happens and somebody (be it criminal hackers or the Russian government) use the mandated backdoor to break into their servers, they'll just pass the cost onto their customers. If their customer database will be compromised - everybody's government identification number / credit-card numbers / health and medical information is out on the web - they will just do what every other company does in that situation: hide the breach for as long as they can and once they are found out send out an email with free 1-year "credit monitoring", as if that makes up for it. Of course, it might be the company's own information that gets stolen, but that stuff usually isn't as valuable to a company as they think it is; they'll maybe take a hit on the market, and make up for it by firing a bunch of their peons. Then it will just be back to business as usual.
Of course, long-term these sorts of breaches can be devastating; international corporations will wonder why they keep losing out deals to locals who always seem to know what the foreign companies are up ahead of time (because you can bet the government will use this for corporate espionage to better the lot of their own constituents), but rare is the modern corporation that ever looks at anything long term. They'll be too terrified of losing out on those precious rubles today to worry that they might be knocked out of the market entirely tomorrow.
Now, if we actually held companies accountable for these breaches - especially when using something as stupid as encryption with a guaranteed backdoor - and the company suffered financial or criminal sanctions for their actions, then maybe it would be a different story. But seeing as how the US government also wants its own backdoors, it's unlikely they'll criminalize anyone using encryption that has a secret government key anytime soon...
Re: (Score:2)
Re: (Score:2)
Last job I worked at where I had access to our analytics, total traffic from .ru was less even than that of IE6 worldwide. And the company had decided before I worked there that IE6 users represented so minuscule a share of our hits that they weren't worth accommodating. So I'd expect that they'd have made the same decision about Russians too, if they had some law that required us to do additional engineering work to accommodate them.
Re: (Score:2)
Clueless... (Score:3)
Re:Clueless... (Score:4, Insightful)
Feds declare that the back doors to all homes remain unlocked at all times to allow police easy access. In response to questions about home security, the government said they'd post "For Government Use and Homeowner Use Only" signs on everyone's doors. "That'll stop any burglars," CIA director Brennan said. "Not that there are any burglars. They're purely theoretical."
Re: (Score:2)
Today I really wish I had some mod points to give you!
Re: (Score:3)
Yes they do, and it's pretty much possible, and just as stupid as you imply. What it means is that we can expect government keys and government certs and compromises by and of the government implementing stupid things like this.
We should be cheering for this. When people in power insist on something stupid, sometimes the best you can hope for is an example of bad things that happen when stupid people get their way. If we in the US are very, very, very lucky, maybe Santa will give us bad Russian consequences
Re: (Score:2)
So basically (Score:1)
They want broken encryption, well, they deserve everything that's coming to them, it's not if, it's when.
Huh?? (Score:2)
so that telecom and internet companies have to record and store all customer communications for six months, potentially at a multitrillion-dollar cost
"You keep using^H^H^H^H^H^H^H^H^H^H^H use that word, I do not think it means what you think it means"
You're a bit late... as Usual. (Score:1)
Hey Russkies..
Don't you think you are a bit late. USA agencies have had this requirements implemented in OSes for long...
Re: (Score:2)
Hey Russkies..
Don't you think you are a bit late. USA agencies have had this requirements implemented in OSes for long...
Oops. Looks like someone will need to call in the sawdust crew and the coroner. #rotovator didn't get to fini...
Actually This WIll Help (Score:4)
Re: (Score:2)
We're working on building one... not sure that it will care about our misery though.
Gilmore's Law no longer applies. (Score:5, Interesting)
Gilmore [wikiquote.org] famously said "The Net interprets censorship as damage and routes around it."
Extend that concept a little to "... and Orwellian monitoring and social control", and we can talk about it.
Gilmore may have been correct... at the time he said it. But that was in an era of the net being dominated by technically astute people, rather than the Facebookian masses, who appear perfectly happy to tolerate any degree of central control and monitoring.
The internet no longer interprets these things as any sort of problem, and that allows nations like Russia, China, and many in the Middle East to use it as a tool of oppression, spying on their population, and trying to influence human behaviors. Also the US to use it as a means of constant surveillance of everyone, at all times.
So where is the "circumvention" now? It's absent. Sure, you can find the occasional neckbeard bemoaning the state of things, but those people are one in tens of thousands. Slashdotters like to say, "But GPG through TOR relays through VPNS!!!one!!" as if that is something that 99.999% of the world even understands. Face it, the voice of people wanting an open and free internet is a drop in the ocean of people who Just Don't Care, or actively Want That Control because terrorists.
So little by little, the walls close in. Each country is emboldened by the successes of the last who tried. Each step is not that big. Each little increment is tolerable. But in the end? The Internet That Was is destroyed, and the Internet That Is becomes more about being the ultimate tool of authoritarians.
I don't live in Russia. I have several Russian friends in Moscow. I am sad for them, just like they are for me RE: NSA. And we're both powerless to do much but watch.
Re: (Score:1)
how on fucking earth can you talk so stupidly after Snowden?
Everyone but us! When we do it's not oppression!
Seriously you are mentally disabled by propaganda. Seriously.
Re: (Score:2)
Because we do not. When Clinton tried to do this [wikipedia.org], the backlash made him reconsider — to this day, 23 years later, there is still no such requirement in any US law.
Overzealous executive branch does try it every once in a while, but it is still perfectly legal to own and use unbreakable encryption in the US.
Re: (Score:1)
Critical thinking for some people can only be triggered by specific cues which they are conditioned to respond to (you)
Re: (Score:2)
Remember when the US could point fingers? (Score:3, Insightful)
I remember a time when the US could point fingers at other countries abusing spying on their own citizens...
Re: (Score:2)
modded up and yet, posted as AC (my parent poster).
see, kind of proves it even more. many people don't even want to have a pseudonym, they go that extra bit to post as AC.
when people feel like they need to hide that extra level for something that should not be even a casual worry, you know your country has gone too far off the deep end.
I hope the world can unwind and get back to normal again. someday.
Re: (Score:2)
I didn't grow up* the same way as you I guess. My parents and my friends had little love for the government, though they had and continue to have a love for the country.
Thus it doesn't surprise me much to see the government acting the way it is or other governments for that matter. However, I wouldn't say they're acting out of fear, rather I'd say they're capitalizing on the fear of the people to attempt to acquire power and control... pretty much as I've always expected.*
*Most people would call me a grown
Infrastructure software programmed in Russia (Score:1)
There are a lot of software companies selling on north America, but developing their product in Russia. Some of the products are troubling. For example, Netcracker makes software for provisioning and controlling communication services in the telecom industry. There are a great deal of major telcos and cable providers using their code. What does this law mean for something like this? What happens if animosities increase between the east and west and our sensitive infrastructure runs on Russian code? Are the
They Already Had It (Score:2)
Re: Why are messaging app companies "a thing?" (Score:2)
Because people don't want to bother with all that. They want a one-stop solution with all contacts in one place. Like Facebook or WhatsApp, with no need to look for contacts. It's laziness, yes. But it's powerful.
Also with these new laws in Russia this isn't going to help you at all. They have also outlawed using non-certified apps (with no backdoor) now and can fine you for just using such an app. And believe me, paying a few hundred bucks for using jabber will teach people some laziness very quickly.
Re: (Score:2)
Except that's not what we have. It seems like every new contact wants me to install yet another new IM app just to talk to them.
Re: (Score:2)
I've got aim, Skype, Telegram and Retroshare. That seems to cover everyone between them.
Anyone who only uses Snapchat isn't worth knowing.
Dear Russia (Score:1)
Dear Russia,
Please cancel our service. Your terms of service suck.
Thanks!
The Rest Of Planet Earth
Multitrillion dollar (Score:2)
How many hard drives can the ips buy with a trillion dollars? Those Russians must be communicating much more than the rest of the world.
Re: (Score:2)
It's not just drives. Drives, enclosures, storage management software, purpose-built packet inspection engines capable of extracting information from a multi-gigabit stream, personnel capable of administering such specialised gear, datacenter floorspace and power, legal personnel capable of monitoring compliance and processing requests. It's all going to add up.
Re: (Score:2)
I know it is going to add up, but the NSA budget is around 10 billion [washingtonpost.com]. A trillion dollars is 100 years of NSA budget, or 20 years of combined US spying. The Utah data center cost was 1.5 billion, and "reports" say it was going to cost 2 billion to fill it with hardware, software and support, and that's for keeping track of the whole world. This bs will cost millions to the ISPs, that will spend more with the Russian connections they are already managing. It can get to billions, specially with the lack of op