Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Businesses Communications Encryption Government Media Network Networking Privacy Security Software The Internet Technology Your Rights Online

Russia Lawmakers Pass Spying Law That Requires Encryption Backdoors, Call Surveillance (dailydot.com) 109

A bill that was proposed recently in the Russian Duma to make cryptographic backdoors mandatory in all messaging apps, has passed. Patrick Howell O'Neill, reports for DailyDot:A massive surveillance bill is now on its way to becoming law in Russia. The "anti-terrorism" legislation includes a vast data-eavesdropping and -retention program so that telecom and internet companies have to record and store all customer communications for six months, potentially at a multitrillion-dollar cost. Additionally, all internet firms have to provide mandatory backdoor access into encrypted communications for the FSB, the Russian intelligence agency and successor to the KGB. The bill, with support from the ruling United Russia party, passed Friday in the Duma, Russia's lower legislative house, with 277 votes for, 148 against, and one abstaining. It now moves to Russia's Federal Council and the Kremlin, where it's expected to pass into law.
This discussion has been archived. No new comments can be posted.

Russia Lawmakers Pass Spying Law That Requires Encryption Backdoors, Call Surveillance

Comments Filter:
  • by kheldan ( 1460303 ) on Friday June 24, 2016 @01:44PM (#52383705) Journal
    Non-Russian-based companies can't be compelled to comply with this, and furthermore some companies are sure to just completely pull out of Russia completely. Apparently Russian politicians are no smarter than politicians anywhere else, and apparently are uncomprehending of the fact that the Internet is not just inside Russia or controlled by Russia.
    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Friday June 24, 2016 @01:52PM (#52383775)
      Comment removed based on user account deletion
      • claiming that this law is only a problem for Russia and needn't bother us here

        Uh, I never claimed any such thing in my own comment so I have no idea why you're attributing that to me, please read my comment again since you see to be unclear on it.

        • Comment removed based on user account deletion
          • Okay; fair enough. This being the Internet and all, it wouldn't have been the first time someone didn't bother actually reading something, then making wild assumptions about the content they didn't actually read. xD

            Yes, it's going to be a problem for everyone, assuming it actually becomes a law, but as previously stated they don't seem to comprehend how the Internet works any better than politicians anywhere else do. Hopefully someone will point out to them that it just can't be done unless they really do
            • by Kjella ( 173770 )

              The problem is that you think of this from the point of view of a western government that plays fair, requires evidence and respects the rule of law (okay, you can stop laughing now). It's not that you can't get PGP and whatnot in Russia. It's that they'll bend the market so most people use services that cooperate with the government. Like Putin wants people to use vk.com instead of Facebook and China wants people to use Baidu instead of Google. And if you can't get them to use a local service, they'll blac

    • There's one information missing here: Using an uncertified app is illegal now and you can be fined just for using it.

    • Nice to see Russia trying to become more like the USA
    • Selectively enforceable law is selectively enforceable.

      TFTFY.

      (You forget you're talking about Russia, where laws are nothing more than just a few of the tools which the State has at its disposal for dealing with folks it doesn't like. And "State" is just a convenient abbreviation for "Putin/oligarchs/mobsters/skinheads/bikers".)

    • They're not stupid. It's exactly what they want - for Facebook, Skype etc to withdraw, allowing local Russian companies (with servers in Russia, which are therefore subject to monitoring and blocking by Russian intelligence services) to fill in that void.

  • sounds right (Score:5, Insightful)

    by frovingslosh ( 582462 ) on Friday June 24, 2016 @01:45PM (#52383723)
    Seems like exactly the kind of thing a corrupt government that doesn't respect the privacy and rights of its citizens would do.
    • Re:sounds right (Score:5, Insightful)

      by Anonymous Coward on Friday June 24, 2016 @02:01PM (#52383841)

      Yeah, damn russians stealing our ideas again !

    • Seems like exactly the kind of thing a corrupt government that doesn't respect the privacy and rights of its citizens would do.

      Oh, come one, Bill Clinton [wikipedia.org] is not running for any office any more, stop beating him up.

  • by Anonymous Coward

    They will be missed.

  • Let's hope it's just as newsworthy. I expect to hear all about new technologies that can get around the problem.

  • Will they cave, or will they stand tall? Because if they cave, the US and the world will follow Putin's lead.

    • Re: (Score:1, Insightful)

      by Anonymous Coward
      It is a good test. Russia's economy is basically poop these days so there isn't all that much to be made there. If tech companies were ever going to give the "see ya" to a country in responsive to invasive legislation, now would be the time.
    • by Somebody Is Using My ( 985418 ) on Friday June 24, 2016 @03:40PM (#52384665) Homepage

      Will they cave, or will they stand tall? Because if they cave, the US and the world will follow Putin's lead.

      They'll cave because, except for a small subset of companies, most don't really care what sort of encryption they use (or if they encrypt at all) because it won't be the companies that pays the price for their short-sightedness. Rather than risk losing out on the Russian markets, companies will obediently use the Russian-blessed encryption. When the inevitable happens and somebody (be it criminal hackers or the Russian government) use the mandated backdoor to break into their servers, they'll just pass the cost onto their customers. If their customer database will be compromised - everybody's government identification number / credit-card numbers / health and medical information is out on the web - they will just do what every other company does in that situation: hide the breach for as long as they can and once they are found out send out an email with free 1-year "credit monitoring", as if that makes up for it. Of course, it might be the company's own information that gets stolen, but that stuff usually isn't as valuable to a company as they think it is; they'll maybe take a hit on the market, and make up for it by firing a bunch of their peons. Then it will just be back to business as usual.

      Of course, long-term these sorts of breaches can be devastating; international corporations will wonder why they keep losing out deals to locals who always seem to know what the foreign companies are up ahead of time (because you can bet the government will use this for corporate espionage to better the lot of their own constituents), but rare is the modern corporation that ever looks at anything long term. They'll be too terrified of losing out on those precious rubles today to worry that they might be knocked out of the market entirely tomorrow.

      Now, if we actually held companies accountable for these breaches - especially when using something as stupid as encryption with a guaranteed backdoor - and the company suffered financial or criminal sanctions for their actions, then maybe it would be a different story. But seeing as how the US government also wants its own backdoors, it's unlikely they'll criminalize anyone using encryption that has a secret government key anytime soon...

      • Actually a lot of companies will publicly refuse to do this simply because if their customers believe they have a backdoor in their security software, they won't buy it. Also, some of them have ethics that would also cause them to refuse to put in backdoors. You can guess which is which.
    • Last job I worked at where I had access to our analytics, total traffic from .ru was less even than that of IE6 worldwide. And the company had decided before I worked there that IE6 users represented so minuscule a share of our hits that they weren't worth accommodating. So I'd expect that they'd have made the same decision about Russians too, if they had some law that required us to do additional engineering work to accommodate them.

  • by 101percent ( 589072 ) on Friday June 24, 2016 @02:03PM (#52383855)
    Do these people really think these companies can create a secure "backdoor to all encryption"? I dread the day I wake up and whatever bullshit "solution" they come up with gets compromised and it's basically cyber Armageddon. Hope they come up with some other impossible shit like, "Feds declare all cars must get 200m/g. Government declares all hamburgers must be fat free." I get what they want, but some things you just can't legislate into existence, especially the goddamn backbone of ecommerce.
    • Re:Clueless... (Score:4, Insightful)

      by Jason Levine ( 196982 ) on Friday June 24, 2016 @03:04PM (#52384357) Homepage

      Feds declare that the back doors to all homes remain unlocked at all times to allow police easy access. In response to questions about home security, the government said they'd post "For Government Use and Homeowner Use Only" signs on everyone's doors. "That'll stop any burglars," CIA director Brennan said. "Not that there are any burglars. They're purely theoretical."

    • Yes they do, and it's pretty much possible, and just as stupid as you imply. What it means is that we can expect government keys and government certs and compromises by and of the government implementing stupid things like this.

      We should be cheering for this. When people in power insist on something stupid, sometimes the best you can hope for is an example of bad things that happen when stupid people get their way. If we in the US are very, very, very lucky, maybe Santa will give us bad Russian consequences

      • Very true sir. I should add that when you point out their stupidity, they skirt around it, shift blame, and you usually end up in jail. We're never going to advance like this.
  • by Anonymous Coward

    They want broken encryption, well, they deserve everything that's coming to them, it's not if, it's when.

  • so that telecom and internet companies have to record and store all customer communications for six months, potentially at a multitrillion-dollar cost

    "You keep using^H^H^H^H^H^H^H^H^H^H^H use that word, I do not think it means what you think it means"

  • Hey Russkies..

    Don't you think you are a bit late. USA agencies have had this requirements implemented in OSes for long...

    • Hey Russkies..

      Don't you think you are a bit late. USA agencies have had this requirements implemented in OSes for long...

      Oops. Looks like someone will need to call in the sawdust crew and the coroner. #rotovator didn't get to fini...

  • by zenlessyank ( 748553 ) on Friday June 24, 2016 @02:12PM (#52383913)
    Usher in new techniques. Say and think what you want, but Russian computer enthusiasts WILL find ways around this. And so will Chinese and American and Israeli etc. Let the new Digital War begin.
  • by Anonymous Coward on Friday June 24, 2016 @02:13PM (#52383921)

    Gilmore [wikiquote.org] famously said "The Net interprets censorship as damage and routes around it."

    Extend that concept a little to "... and Orwellian monitoring and social control", and we can talk about it.

    Gilmore may have been correct... at the time he said it. But that was in an era of the net being dominated by technically astute people, rather than the Facebookian masses, who appear perfectly happy to tolerate any degree of central control and monitoring.

    The internet no longer interprets these things as any sort of problem, and that allows nations like Russia, China, and many in the Middle East to use it as a tool of oppression, spying on their population, and trying to influence human behaviors. Also the US to use it as a means of constant surveillance of everyone, at all times.

    So where is the "circumvention" now? It's absent. Sure, you can find the occasional neckbeard bemoaning the state of things, but those people are one in tens of thousands. Slashdotters like to say, "But GPG through TOR relays through VPNS!!!one!!" as if that is something that 99.999% of the world even understands. Face it, the voice of people wanting an open and free internet is a drop in the ocean of people who Just Don't Care, or actively Want That Control because terrorists.

    So little by little, the walls close in. Each country is emboldened by the successes of the last who tried. Each step is not that big. Each little increment is tolerable. But in the end? The Internet That Was is destroyed, and the Internet That Is becomes more about being the ultimate tool of authoritarians.

    I don't live in Russia. I have several Russian friends in Moscow. I am sad for them, just like they are for me RE: NSA. And we're both powerless to do much but watch.

    • how on fucking earth can you talk so stupidly after Snowden?

      nations like Russia, China, and many in the Middle East

      Everyone but us! When we do it's not oppression!

      Seriously you are mentally disabled by propaganda. Seriously.

      • by mi ( 197448 )

        When we do it's not oppression!

        Because we do not. When Clinton tried to do this [wikipedia.org], the backlash made him reconsider — to this day, 23 years later, there is still no such requirement in any US law.

        Overzealous executive branch does try it every once in a while, but it is still perfectly legal to own and use unbreakable encryption in the US.

        • Critical thinking for some people can only be triggered by specific cues which they are conditioned to respond to (you)

    • Eventually the Internet will become such a sewer when it comes to being surveilled and so broken from all the walled gardens and blockades from this country and that, that it'll become nigh-unto unusable, and many people (and businesses) will just stop bothering with it. In short this sort of bullshit will eventually kill the Internet completely.
  • by Anonymous Coward on Friday June 24, 2016 @02:14PM (#52383929)

    I remember a time when the US could point fingers at other countries abusing spying on their own citizens...

    • modded up and yet, posted as AC (my parent poster).

      see, kind of proves it even more. many people don't even want to have a pseudonym, they go that extra bit to post as AC.

      when people feel like they need to hide that extra level for something that should not be even a casual worry, you know your country has gone too far off the deep end.

      I hope the world can unwind and get back to normal again. someday.

  • There are a lot of software companies selling on north America, but developing their product in Russia. Some of the products are troubling. For example, Netcracker makes software for provisioning and controlling communication services in the telecom industry. There are a great deal of major telcos and cable providers using their code. What does this law mean for something like this? What happens if animosities increase between the east and west and our sensitive infrastructure runs on Russian code? Are the

  • It was the We Break Your Legs and Shoot You in an Alley provision.
  • Dear Russia,

    Please cancel our service. Your terms of service suck.

    Thanks!

    The Rest Of Planet Earth

  • How many hard drives can the ips buy with a trillion dollars? Those Russians must be communicating much more than the rest of the world.

    • It's not just drives. Drives, enclosures, storage management software, purpose-built packet inspection engines capable of extracting information from a multi-gigabit stream, personnel capable of administering such specialised gear, datacenter floorspace and power, legal personnel capable of monitoring compliance and processing requests. It's all going to add up.

      • I know it is going to add up, but the NSA budget is around 10 billion [washingtonpost.com]. A trillion dollars is 100 years of NSA budget, or 20 years of combined US spying. The Utah data center cost was 1.5 billion, and "reports" say it was going to cost 2 billion to fill it with hardware, software and support, and that's for keeping track of the whole world. This bs will cost millions to the ISPs, that will spend more with the Russian connections they are already managing. It can get to billions, specially with the lack of op

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...