Slashdot Mirror
New Russian Law To Forbid Storing Russians' Data Outside the Country
TechWeek Europe reports that on Friday Russia's parliament passed a law "which bans online businesses from storing personal data of Russian citizens on servers located abroad[.] ... According to ITAR-TAAS, the changes to existing legislation will come into effect in September 2016, and apply to email services, social networks and search engines, including the likes of Facebook and Google. Domain names or net addresses not complying with regulations will be put on a blacklist maintained by Roskomnadzor (the Federal Supervision Agency for Information Technologies and Communications), the organisation which already has the powers to take down websites suspected of copyright infringement without a court order. In the case of non-compliance, Roskomnadzor will be able to impose 'sanctions,' and even instruct local Internet Service Providers (ISPs) to cut off access to the offending resource." According to the article, the "measure is widely seen as a response to reports about the intrusive surveillance practices of the US National Security Agency (NSA) and the UK’s GCHQ. Edward Snowden, who revealed sensitive data about the operations of both, is currently residing in Russia, with his asylum application up for a review in a couple of months." The writer points out that this would mean many web sites would be legally unavailable altogether to Russian users.
The FSB is grateful for your assistance citizen! I
There are plenty of countries that already do this at the federal and state/provincial levels. And a lot of companies are following suit, especially after privacy laws have been toughened up by federal law.
Om, nomnomnom...
These Russian online services will be very popular with Americans.
I wonder how such a thing is going to be enforced. Seems to me this is more about burdening Russian companies who use western services than it is about securing the privacy of Russian citizens. Besides if Putin forces all Russian companies to keep their data local then his cronies can more easily do their own spying on it, rather than have to beg the NSA to give them access, which given Russia's frosty relationship with the US, is probably pretty much cut off these days.
Looks like Russians will have to find somewhere else to go to if they want to buy from somewhere abroad.
I understand the spirit of this law, but in reality it is too much like the Communications Decency Act that got passed in 1996 -- way too broad and sweeping.
Maybe Livejournal will just move to Russia...
Do not look into laser with remaining eye.
Don't be naive. The only reason Russia and other oppressive nations pass laws like these is so they can better monitor what their 'citizens' are doing and saying. It's a lot easier to lock up whoever wrote "Putin Sucks" online if the data is in a Russian server.
I remember a few years ago when a big US university rejected Gmail because they could not ensure US-only storage of data and they had data -privacy concerns about the foreign governments (whoops).
At this point I don't really care if my data is in Belarussian hands because they cannot hurt me. Russians should likewise consider wanting to store their data ovetseas.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
As another pointed out, Russia isn't anywhere near the first country to do this; in fact, doesn't the European Union require it Union-wide?
Anyway, I'm most curious how the Kremlin defined "personal". Being that a lot of us are software industry programmers, product managers, etc., it'd be useful to know what kind of changes we need to make to our respective companies' international back-end infrastructure.
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
You can feel it in the air.
As stated in the subject line, security through legislation is no security at all. If anything, this will weaken information security for Russians. It's a transparent and comically unenforceable attempt to keep Russian data precisely where the Russian government wants it: on servers they can put their hands on. I'm genuinely amused.
Write failed: Broken pipe
"We are sorry, but we cannot let you register on our service because your president created douchbag laws against it."
Table-ized A.I.
Concept of World Wide Web.
You're correct that the motivation is fundamentally economic, but it has nothing to do with revenue generated from Russian datacenter leases, which are less than a drop in the bucket compared to the value derived from legally guaranteed physical access to servers for Russian government representatives. You really haven't thought this through, have you?
Write failed: Broken pipe
The good part with US servers and the US cloud was lack of hard encryption and a legal 'cut out' e.g. a federal "finding" for the NSA to get in and collect it all from tame US telco product providers.
As hinted at via ideas around "QuantumInsert" show that time and distance to a cloud or server is good news for the NSA and friends.
i.e. a man-in-the-middle fake web page is great on distant optical but may be more tricky within Russia needing tame Russian staff and an unnoticed Russian site.
If you can get the cloud or servers used by Russians out to the US or a tame friendly country with shared facilities its less hard work.
Within Russia your back to the human side
"The name is Blond... James Blond: The moment US 'spy' has shaggy wig revealed by Russian secret service after being arrested for offering millions to agent to switch sides" (15 May 2013)
http://www.dailymail.co.uk/new...
Russian cannot protect its wider internet use as it moves around the EU and beyond. In Russia the US has to try the human approach - something any nations security services are always ready for in their own cities.
Russia knows it needs to project its banking, trade, science and culture out to the world on its own terms and via Russians.
Russia also knows the less vital networks it has floating around the world - the slightly less easy it is to totally tap.
Russia lost a lot in the 1930's - to early 1950's due to sloppy code use. Russia learned fast that one time pads if used correctly (no reuse) do work.
The problem is a vast rate of vital data moving on 'international' junk banking and telco crypto standards on cheap peering.
The Russian solution is to risk what it knows will be lost on international networks and do the best they can back in Russia on their own networks.
Will it work? No, the NSA and GCHQ got to many large scale internal Soviet networks over time. Back to humans, typewriters, one time pads and number stations.
Domestic spying is now "Benign Information Gathering"
Nationalism aside it's not a bad idea, since having your medical records sent to the Phillipines for data entry and many similar stupid shortcuts are bad ideas. If your sensitive information is being stored in a different legal juristiction where people speak a different language there's not much you can do if someone wanders off with it and puts it to other uses unless you have as many international lawyers on staff as IBM.
STUPID and/or FOOLISH Americans don't care about their privacy; they Tweet, and Facebook, and store "their" files in the cloud (1960's style on a server they neither own nor control) and so on. MANY Americans, on the other hand, value our privacy just as much as our founders did back when they wrote a Constitution that limited our government to doing only a handful of specific things (NONE of which included either facilitating OR regulating OR snooping on ANY communications within the country other than the creation of a postal service) and prohibited the government from going through our "stuff" without a warrant that [1] is attached to some claim of a crime, [2] is taken-out by sworn oath of the officer [3] is specific about WHO, WHAT, and WHERE to search:
The Fourth Amendment:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized"
Those of us who still believe in those "quaint" and "out-dated" ideas, and who deny that the Constitution is a "living document" that can be evaded by any judge who wishes to "re-interpret" it to fit the current mood store OUR data on our own servers and do not use completely unnecessary "social media" sites that encourage adults to behave like self-absorbed teenage girls. Many of also resist using sites like Facebook where every click contributes to an empire of advertizing and data-snooping that funds political efforts to tear down all the limits on importing labor so its founder can get even richer by suppressing the wages of middle-class American IT people.
All a guy who wants to stir up trouble would need to do is to put their own personal details on a forum. Then they could call the authorities and go,"Look, on Joe USA's forum is my personal details".
God spoke to me
The next step is to air gap and migrate medical, banking (at a global, trade, negotiation level), court and police databases off any US or NATO originating OS, database or rented turnkey networking solution.
New hardware imports is still the huge issue that Russia cannot escape even with all clean code and local storage.
Domestic spying is now "Benign Information Gathering"
Agreed.
Write failed: Broken pipe
Google should have cut ties with the US when that was still a useful option. Now the world is looking for other options and the US is suddenly very small.
Russian expatriates are Russian citizens too. And employment data is a thing that gets stored. I hope they're not looking for work with an Internet company...
They are likely taking a cue from Brazil, in an effort to promote domestic enterprise.
Does this affect the rest of the world? Nope.
Let's move on, nothing to see here.
.. you allow it to be stored somewhere else.
storing it in Russia just makes it harder for foreign powers to use.
...security for Russians...
The Russian society is divided in numerous socioeconomic groups, the same as the US or any other society.
These groups have different understanding of security, and completely different interests in general. For some, security means keeping control over their power and billions, for some finding at last a job or starting a modest web-based business.
There are not only Russians, French, Americans, etc., but also socioeconomic groups with very similar interests and aspirations.
There WILL be legislation proposed very soon for a similar restriction on US companies. That it is stupid, irrational and anti-privacy won;t stop some ignorant legislators from suggesting it. So in that sense alone it does affect the US...
You are SO poorly educated (I'm NOT calling you "stupid", just saying you had bad teachers) that you do not understand what our founders wrote; For "effects" do not substitute "computer graphics" or Zuck's, Page's or Brin's software. Try substituting the word "stuff" - you'll probably "get it" then. Our founders did not believe the government had any right to dig through and look at ANY of your "stuff" without a valid, explicit warrant from a judge where the investigator/policeman had to swear under oath that his application was accurate; this provided accountability.
Like any good short-sighted progressive, you seem to assert that the internet is some new magical thing that renders the Constitution obsolete; it does not because the constitution is not concerned at all with the specific technology of communications (your right to be secure in your papers and effects has NOTHING to do with whether those are transported by pony express rider or by teleportation device). Half or our founders were inventors and they won the Revolutionary war, in part, aided by the advance of technology in the colonies (for example by pioneering advances in the mass-production of firearms with interchangeable parts). They very wisely knew technology was advancing and would continue advancing and they tied NONE of our rights to any fixed technology. Yes, laws that other men added to our country later are plentiful, sometimes narrow, frequently overlapping, and often tied to various technologies (therefore needing amendments when technology changes) BUT that's NOT the Constitution and many of those laws were narrowly-tailored and tied to bits of tech in the first place as corrupt acts of crony-capitalism.
I know there are people from all parts of the political spectrum who think that anything, when tied to the Internet, becomes something shiny and new, but that just is not the case. The existence of the Internet does NOTHING to the definition of the word "privacy", does not magically obliterate the Constitutional requirements for warrants or anything else. Some judge or prosecutor or patent troll is free to make such assertions, but that just does not hold water.
Oh, and in your wiretapping comment you displayed more ignorance. The Constitution does not give the federal government any wiggle room to wiretap people without a warrant, and it was not permitted to intercept such private civilian communications before progressive judges and prosecutors who claim it is a "living document" started pretending such wiggle room existed. The president arguably has the right Constitutionally to wiretap communications that cross international borders particularly to/from "hostile" countries or "enemies" as part of his authority as "Commander in Chief" but a careful reading of what our founders wrote can lead to the belief that they intended that CinC authority to be in the context of wars declared by Congress. Wiretapping laws at the state and local level are certainly needed both because the Constitution is not designed to regulate the behaviour of individuals toward each other, and because the Constitution leaves all matters it does not explicitly grant to the Feds to the states and to the people themselves. In other words, it's up to California to have laws that keep californians from snooping on each-other, and being snooped upon, in any way that does not involve the Federal government.
Every time I think I have encountered the most ignorant person on the planet, somebody like you pops-up to induce a new level of despair (sigh)
The first half of your comment appear nothing more than a slam against me for being at least somewhat patriotic. Given that you had nothing positive to contribute there and offered no candidate for a "better" country, I can just leave that as the midless blather of a "disaffected youth" who will someday grow up.
The second half of your comment is a concentrated pile of pure unadultrated blathering ignorance. When scholars refer to the Constitution as a "living document" they mean that none of the words have any fixed meaning and that anybody backed-up with enough power is free to claim its words mean whatever they want them to mean in the current context. If the Constitution was truly a "living document", the entire Bill of Rights (including the 4th) would never have been needed and there would not even need to be an amendment process; every generation would simply be free to pretend the Constitution said what they wanted and pretend the parts they did not like were not there. A "progressive" who thinks the constitution is a "living document" feels little need to try to ammend it because he thinks its ok to just pretend the meaning of words has changed. By such reasoning, the constitution can require a warrant, but if that's too inconvenient, then some judge can simply say "yes, but in THIS new circumstance no warrant is needed..." Sadly, political progressives often love this idea when it goes their way, but then become rather outraged when somebody comes along and "discovers" some meaning that hurts them.
You're missing the point. Those who control the surface of the sphere of influence control its contents.
Write failed: Broken pipe
I suggest getting out of the pointless us and them mentality and reverse the situation - would you be happy if your emails were hosted in China or Russia and you know that a great deal of the traffic in and out is being watched? Does my argument make sense now put into that context? That's why I tried to avoid pointless jingoistic arguments such as yours by putting "Nationalism aside" in the subject. Perhaps you missed it and I should have put it in bold in the body instead of the subject. Maybe we need to being back the BLINK tag so late night slashdot readers don't miss things that should be obvious.
That's being dealt with elsewhere and is too fucking incredibly obvious to mention since the bunch Putin used to work for inspired 1984 so why drag it in here? In this sort of field the NSA are playing like kids (Star Trek set designer and similar shit) while Russians are leaving fucking Polonium calling cards to let people know without question who did the killing. Can we discuss other implications as well without getting "corrected" by the stuff on page 1 when the rest of us know that and are half way through the book?
Dude, I am Russian. There's no "nationalism" or "jingoism" angle in what I wrote, you're arguing with a strawman.
And yes, I would vastly prefer for my emails to be hosted in the US, for personal safety reasons. Not my own anymore - I'm already safely in US so I can wave a middle finger at the assholes in charge of ruining my home country - but my parents are still there, and they hold some, shall we say, unpopular political views. Which they don't blabber about in public, but now apparently it's not a good idea to do so in private email communications, as well.
"The Russian people's have some VERY educated ..."
I agree. They even know where to use apostrophes and where not.
Other nations are not currently superpowers, nor do they have targeted killing programs, or conduct wars far away from their borders.
That naturally places US on top of the "existential threats" list to essentially all other countries on the globe, and as a result it faces much tighter scrutiny.
WTO has all the appropriate clauses for "national security reasons" (put there by US no less) and NSA has provided all the necessary proof.
This is a double whammy of past actions catching up.
You must have stopped reading after the second sentence of my post. Please allow me to repeat the third sentence:
It's a transparent and comically unenforceable attempt to keep Russian data precisely where the Russian government wants it: on servers they can put their hands on.
Write failed: Broken pipe
As for restricting culture, we still have actual people to interact with, so not to worry.
Not for long -- Russia has made emigration almost illegal, but none of the international press have seen fit to pick up on this.
Got them moderator blues I blieve I walk out the do', With these mod-points I been gettin', I 'most never post no mo'
To restrict Russian citizen's access to about 90% of the internet.
Yes, the big names might hire servers and staff in Russia... and cooperate with the Russian government.
But the smaller organizations? No way in hell they can afford that.
It's mostly another form of the Great Firewall of China.
I apologize for the lack of a signature.
Hopefully more countries will follow to encourage data keeping in the origination country. Next step will be ensuring that data is not forwarded to other countries without permission.
You can't read, can you? That's his point: They make no qualms about doing it. It's what they do. It's their nation(s) so who is anyone to tell another nation how to run itself? Like the great Eisenhower said of Vietnam: "Let asian boys handle asian problems" (smart man). Same extends to Russians or anyone else really. Seems to me the USA uses "freedom for others" as an excuse to stir up a problem and send in the marines to clean it up, to assume control, and to install puppet governments to get oil (or other things of value) at a good price only, for their own financial freedom (and that's only for the rich, not everyone else).
As a regular end user, I would really prefer my data to be in the hands of a foreign govt than my own govt. The foreign govt doesn't really have any power over me & can't do much with my data.
Actually, puppet governments _must_ be installed if you want a reliable ally.
Democracies tend to vote for their own self-interest over that of other countries. (And this is apparently a little-known fact).
1st: History shows us all, occupations always fail. You really mean an "extension of ourselves", don't you, rather than an "ally".
It also, for example, didn't work out so well with S. Hussein, did it? Nope. How about IRAN after the "Man of the Year" from Time Magazine was the ruler before that too, was deposed??
They all turned on us eventually.
See - Humanity hates captivity. Even when it's benevolent. That's just our nature. It can never, ever, last & is wasteful of monies but more importantly, OUR CITIZENS LIVES from the working or poor class, while the wealthy tip margaritas and do coke laughing at us!
The perfect trap removes the desire of the prisoner to escape. We haven't perfected one yet.
Chavez beat them trying it too with economic hitmen and the like. It never works and wastes our monies which we as taxpayers pay for and warmongers profit by. Period.
It is the WRONG WAY TO DO THINGS. Worst of all, it makes others hate us (which is illogical really - WE ARE COMPOSED OF ALL OF THEM)...
HOWEVER:
I've been all over Europe, and asked the people there (who REALLY LIVE IN FEAR of saying anything mind you) "Why do you all hate the USA, we ARE you?" - know what they told me? They said "It's not your people. It's your leaders, and they are NOT politicians, but rather the big money behind them" proving money truly is, the root of all evil.
APK
P.S.=> I just don't *like* what I see - wasteful illogic, benefitting only the "1% few", making GOOD PEOPLE fight one another, like stupid puppets (& we fall for it, manipulated by the mainstream media). I also don't believe that last part totally. People here aren't stupid. They follow the examples that come from above them. Shit flows downwards in other words. "Get what you can while the getting is good & then split" seems to be the mantra of the day, and it's DESTROYING us on many levels (financially, our reputations, and more)... apk
... and the point is keep the stuff close enough that you can at least in theory get local lawyers and politicians to do something about it when things go wrong.
If you're going to mutilate the genitals of your young girls, tell your women they can't drive, stone people to death for drawing cartoons, marry off children, beat homosexuals in the street until they're bloody and starve your citizens until near death then hell yeah I'm going to tell you how to live in your nation.
Everybody's favorite scapegoat, I bet he caused global warming, too.
The USA arguably wouldn't exist if the French, the Spanish, and the Dutch hadn't helped out in the American Revolution.
American interventionism has had a lot of failures but interventionism as a policy doesn't always turn out poorly.
Consider how different history would be if everyone subscribed to the "let asian boys handle asian problems" mentality. I don't think it would be a change for the better.
its a sad day on slashdot when apk makes a lucid argument and everyone else is trolling him with ad hominum attacks. Grow up people.
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
Seen from the outside world, most, if not all, US clouds are accessible to the NSA and other US state agencies. Especially if you're not a US Person, those agencies can request your data without a warrant at all. So what the Russians and Brazilians and soon to follow other nations are doing is this: they don't want you to post your potentially incriminating personal data on NSA-controlled servers when the NSA could use them to blackmail you should you work in an important position in politics, industry etc... They rather want you to post data on servers THEY, on only they, control. What's so wrong about this? If you are about to freely give your personal data to a spying agency anyway, it could as well be your own domestic spying agency, instead of the NSA. At least, that agency would be bound by your local laws w.r.t. the respect of privacy and protection of data of its own citizens, while the NSA is free to do what it wants with data of non US Persons, including selling them on the black market (not that they would do such a thing, of course, but in theory, they could). All this is due to the NSA overstepping its original mission that was code breaking and code development, and embarking on the Orwell program of TIA.
cpghost at Cordula's Web.
Don't be naive. The only reason Russia and other oppressive nations pass laws like these is so they can better monitor what their 'citizens' are doing and saying. It's a lot easier to lock up whoever wrote "Putin Sucks" online if the data is in a Russian server.
And having data reside in the USA at the whims of the NSA is how much better?
I hadn't the slightest objection to his spending his time planning massacres for the bourgeoisie... (P.G. Wodehouse)
As for restricting culture, we still have actual people to interact with, so not to worry.
Not for long -- Russia has made emigration almost illegal, but none of the international press have seen fit to pick up on this.
Oh, really? You serious?
- Meaning soon we will see laws prohibiting any type of strong encryption in Russia.
PS:
Put in 1 phrase: "All your database are belong to us!"
How about credit card? If you buy from Ebay or from China are they then allowed to store credit card information, email address and home address?
Question is - what is personal information? I can understand SSN to be personal. But how about your birth date, sex (gay?), tracking cookies?
And famous Russian search engine is just building a data center outside from Russia...
As an immigrant who left Russia, I would be very curious to know how Russia is making emigration "almost illegal." Perhaps you're referring to the new (potential) dual citizenship registration law? That would be a pain, but it has nothing to do with restricting emigration.
Isn't Saudi Arabia an ally of the US?
Also, have a look at some of the things happening in your own country:
Passengers Cheer as Trans Woman is Stripped and Beaten on Atlanta Train (with video) (May 31, 2014)
Abortion Clinic Escort Opens Up About 'Disgusting, Degrading And Racist' Attacks On Patients (February 21, 2014)
Sikh (mistaken for a Muslim) attacked by racist mob, thanks Good Samaritans who got between him and his hate-filled attackers (after getting his jaw was surgically re-wired) (September 23, 2013) Transgender Woman Dies After Beating in Front of NYPD Precinct (August 26, 2013)
Police: Man damaged Bloomington Planned Parenthood building, cited religious beliefs (April 11 2013)
Please note that I don't support any repressive regimes or groups that enforce FGM or promote sexist behaviours, I am just pointing out that the US is not a shining example of tolerance and social liberties...it would be best if the US focused on sorting out her own problems before pointing fingers at others. Also, thanks for liberating Afghanistan, freeing the Afghans of the nasty Soviet puppet government and delivering them into the hands of the Al-Quaeda and the Taliban is highly appreciated by the entire world!
Oi, stop feeding the trolls, you've made some pretty good points and since they have no logical retort, they've resorted to trolling you...learn to ignore them
and what the fuck do you have against women?
That statement is the height of hubris and arrogance. Ever hear of the anthropological/sociological idea of "cultural relativism"? It not only applies to subgroups within a nation but also between nations/cultures. Generally speaking the idea is that different cultures live by different values. What might be a crime in one culture can be an accepted norm in another. It also implies that it is not the place of foreigners to impose their values on other cultures regardless of whether or not you were to view their values as offensive. It also implies that it is up to each nation or culture to change their own values from within. Only then with the general population accept such changes. You would have no right, morally or otherwise, to dictate norms to any other culture. Consider the equivalent of the Star Fleet Prime Directive.
"Those who can make you believe absurdities can make you commit atrocities." - Voltaire
Saudi Arabia is only an ally insofar as we support (militarily) the royal Saudi family. Most Saudi Arabians loathe the United States. One reason being the Saudi family are nepotistic dictators, don't live according Arabian cultural and religious values and rule with an iron fist. The Arabian also are well aware of the fact that the Saudi family for many decades had a secret agreement with the U.S. for the U.S. military presence in Arabia was there to aid the royal family in controlling the masses in exchange for dirt cheap oil. At least until the OPEC nations pressured the royal family to join them in their embargo against the U.S. for their support of Israel.
"Those who can make you believe absurdities can make you commit atrocities." - Voltaire
Now I don't know about you but to me that sounds an awful lot like the conditions in Saudi Arabia (except for the starving your people part, the Saudi regime seems to give just enough to the commoners to keep them from revolting, not that a revolt would do much good) hence my comment that Saudi Arabia is an ally of the US which was supposed to demonstrate to the OP that the US government does not care about civil liberties for the masses or stone-age-practices supported by a regime claiming to rule by divine right as long as the said regime serves America's corporate interests...
Agreed.
"Those who can make you believe absurdities can make you commit atrocities." - Voltaire