Slashdot Mirror
New Russian Law To Forbid Storing Russians' Data Outside the Country
TechWeek Europe reports that on Friday Russia's parliament passed a law "which bans online businesses from storing personal data of Russian citizens on servers located abroad[.] ... According to ITAR-TAAS, the changes to existing legislation will come into effect in September 2016, and apply to email services, social networks and search engines, including the likes of Facebook and Google. Domain names or net addresses not complying with regulations will be put on a blacklist maintained by Roskomnadzor (the Federal Supervision Agency for Information Technologies and Communications), the organisation which already has the powers to take down websites suspected of copyright infringement without a court order. In the case of non-compliance, Roskomnadzor will be able to impose 'sanctions,' and even instruct local Internet Service Providers (ISPs) to cut off access to the offending resource." According to the article, the "measure is widely seen as a response to reports about the intrusive surveillance practices of the US National Security Agency (NSA) and the UK’s GCHQ. Edward Snowden, who revealed sensitive data about the operations of both, is currently residing in Russia, with his asylum application up for a review in a couple of months." The writer points out that this would mean many web sites would be legally unavailable altogether to Russian users.
There are plenty of countries that already do this at the federal and state/provincial levels. And a lot of companies are following suit, especially after privacy laws have been toughened up by federal law.
Om, nomnomnom...
I wonder how such a thing is going to be enforced. Seems to me this is more about burdening Russian companies who use western services than it is about securing the privacy of Russian citizens. Besides if Putin forces all Russian companies to keep their data local then his cronies can more easily do their own spying on it, rather than have to beg the NSA to give them access, which given Russia's frosty relationship with the US, is probably pretty much cut off these days.
Americans in general don't care about privacy. There are very few countries where the public gives a shit.
Don't be naive. The only reason Russia and other oppressive nations pass laws like these is so they can better monitor what their 'citizens' are doing and saying. It's a lot easier to lock up whoever wrote "Putin Sucks" online if the data is in a Russian server.
As stated in the subject line, security through legislation is no security at all. If anything, this will weaken information security for Russians. It's a transparent and comically unenforceable attempt to keep Russian data precisely where the Russian government wants it: on servers they can put their hands on. I'm genuinely amused.
Write failed: Broken pipe
The good part with US servers and the US cloud was lack of hard encryption and a legal 'cut out' e.g. a federal "finding" for the NSA to get in and collect it all from tame US telco product providers.
As hinted at via ideas around "QuantumInsert" show that time and distance to a cloud or server is good news for the NSA and friends.
i.e. a man-in-the-middle fake web page is great on distant optical but may be more tricky within Russia needing tame Russian staff and an unnoticed Russian site.
If you can get the cloud or servers used by Russians out to the US or a tame friendly country with shared facilities its less hard work.
Within Russia your back to the human side
"The name is Blond... James Blond: The moment US 'spy' has shaggy wig revealed by Russian secret service after being arrested for offering millions to agent to switch sides" (15 May 2013)
http://www.dailymail.co.uk/new...
Russian cannot protect its wider internet use as it moves around the EU and beyond. In Russia the US has to try the human approach - something any nations security services are always ready for in their own cities.
Russia knows it needs to project its banking, trade, science and culture out to the world on its own terms and via Russians.
Russia also knows the less vital networks it has floating around the world - the slightly less easy it is to totally tap.
Russia lost a lot in the 1930's - to early 1950's due to sloppy code use. Russia learned fast that one time pads if used correctly (no reuse) do work.
The problem is a vast rate of vital data moving on 'international' junk banking and telco crypto standards on cheap peering.
The Russian solution is to risk what it knows will be lost on international networks and do the best they can back in Russia on their own networks.
Will it work? No, the NSA and GCHQ got to many large scale internal Soviet networks over time. Back to humans, typewriters, one time pads and number stations.
Domestic spying is now "Benign Information Gathering"
Nationalism aside it's not a bad idea, since having your medical records sent to the Phillipines for data entry and many similar stupid shortcuts are bad ideas. If your sensitive information is being stored in a different legal juristiction where people speak a different language there's not much you can do if someone wanders off with it and puts it to other uses unless you have as many international lawyers on staff as IBM.
The NSA will still be sniffing any traffic that crosses US borders.
In fact, the NSA might prefer that you store everything overseas,
as it gives them
[Fuck Beta]
o0t!
STUPID and/or FOOLISH Americans don't care about their privacy; they Tweet, and Facebook, and store "their" files in the cloud (1960's style on a server they neither own nor control) and so on. MANY Americans, on the other hand, value our privacy just as much as our founders did back when they wrote a Constitution that limited our government to doing only a handful of specific things (NONE of which included either facilitating OR regulating OR snooping on ANY communications within the country other than the creation of a postal service) and prohibited the government from going through our "stuff" without a warrant that [1] is attached to some claim of a crime, [2] is taken-out by sworn oath of the officer [3] is specific about WHO, WHAT, and WHERE to search:
The Fourth Amendment:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized"
Those of us who still believe in those "quaint" and "out-dated" ideas, and who deny that the Constitution is a "living document" that can be evaded by any judge who wishes to "re-interpret" it to fit the current mood store OUR data on our own servers and do not use completely unnecessary "social media" sites that encourage adults to behave like self-absorbed teenage girls. Many of also resist using sites like Facebook where every click contributes to an empire of advertizing and data-snooping that funds political efforts to tear down all the limits on importing labor so its founder can get even richer by suppressing the wages of middle-class American IT people.
All a guy who wants to stir up trouble would need to do is to put their own personal details on a forum. Then they could call the authorities and go,"Look, on Joe USA's forum is my personal details".
God spoke to me
This is completely different from EU directives. Those pertain to EU companies storing data. This one is about all companies storing data of Russian citizens. I am a Russian citizen residing abroad; by the letter of this law, if I create a GMail account, Google must host my inbox data on a server in Russia, even though neither of us two is there. If they do not comply, their servers will be blocked inside Russia.
This is not a privacy provision like EU directives are. It's about having the data on Russian soil, where it can be easily examined without a warrant, or even a notification that it is happening (see also: SORM-2).
as it gives them
End of stream? Did the NSA not flush that last buffer they read?
http://michaelsmith.id.au
You are SO poorly educated (I'm NOT calling you "stupid", just saying you had bad teachers) that you do not understand what our founders wrote; For "effects" do not substitute "computer graphics" or Zuck's, Page's or Brin's software. Try substituting the word "stuff" - you'll probably "get it" then. Our founders did not believe the government had any right to dig through and look at ANY of your "stuff" without a valid, explicit warrant from a judge where the investigator/policeman had to swear under oath that his application was accurate; this provided accountability.
Like any good short-sighted progressive, you seem to assert that the internet is some new magical thing that renders the Constitution obsolete; it does not because the constitution is not concerned at all with the specific technology of communications (your right to be secure in your papers and effects has NOTHING to do with whether those are transported by pony express rider or by teleportation device). Half or our founders were inventors and they won the Revolutionary war, in part, aided by the advance of technology in the colonies (for example by pioneering advances in the mass-production of firearms with interchangeable parts). They very wisely knew technology was advancing and would continue advancing and they tied NONE of our rights to any fixed technology. Yes, laws that other men added to our country later are plentiful, sometimes narrow, frequently overlapping, and often tied to various technologies (therefore needing amendments when technology changes) BUT that's NOT the Constitution and many of those laws were narrowly-tailored and tied to bits of tech in the first place as corrupt acts of crony-capitalism.
I know there are people from all parts of the political spectrum who think that anything, when tied to the Internet, becomes something shiny and new, but that just is not the case. The existence of the Internet does NOTHING to the definition of the word "privacy", does not magically obliterate the Constitutional requirements for warrants or anything else. Some judge or prosecutor or patent troll is free to make such assertions, but that just does not hold water.
Oh, and in your wiretapping comment you displayed more ignorance. The Constitution does not give the federal government any wiggle room to wiretap people without a warrant, and it was not permitted to intercept such private civilian communications before progressive judges and prosecutors who claim it is a "living document" started pretending such wiggle room existed. The president arguably has the right Constitutionally to wiretap communications that cross international borders particularly to/from "hostile" countries or "enemies" as part of his authority as "Commander in Chief" but a careful reading of what our founders wrote can lead to the belief that they intended that CinC authority to be in the context of wars declared by Congress. Wiretapping laws at the state and local level are certainly needed both because the Constitution is not designed to regulate the behaviour of individuals toward each other, and because the Constitution leaves all matters it does not explicitly grant to the Feds to the states and to the people themselves. In other words, it's up to California to have laws that keep californians from snooping on each-other, and being snooped upon, in any way that does not involve the Federal government.
I suggest getting out of the pointless us and them mentality and reverse the situation - would you be happy if your emails were hosted in China or Russia and you know that a great deal of the traffic in and out is being watched? Does my argument make sense now put into that context? That's why I tried to avoid pointless jingoistic arguments such as yours by putting "Nationalism aside" in the subject. Perhaps you missed it and I should have put it in bold in the body instead of the subject. Maybe we need to being back the BLINK tag so late night slashdot readers don't miss things that should be obvious.
That's being dealt with elsewhere and is too fucking incredibly obvious to mention since the bunch Putin used to work for inspired 1984 so why drag it in here? In this sort of field the NSA are playing like kids (Star Trek set designer and similar shit) while Russians are leaving fucking Polonium calling cards to let people know without question who did the killing. Can we discuss other implications as well without getting "corrected" by the stuff on page 1 when the rest of us know that and are half way through the book?
Dude, I am Russian. There's no "nationalism" or "jingoism" angle in what I wrote, you're arguing with a strawman.
And yes, I would vastly prefer for my emails to be hosted in the US, for personal safety reasons. Not my own anymore - I'm already safely in US so I can wave a middle finger at the assholes in charge of ruining my home country - but my parents are still there, and they hold some, shall we say, unpopular political views. Which they don't blabber about in public, but now apparently it's not a good idea to do so in private email communications, as well.
Incorrect. EU directives are not about "EU companies" but "companies operating in EU". I.e. companies that store information about EU citizens.
These measures appear to be more broad in their storage requirements, but they closely mirror European regulation in terms of who they are directed at.
Other nations are not currently superpowers, nor do they have targeted killing programs, or conduct wars far away from their borders.
That naturally places US on top of the "existential threats" list to essentially all other countries on the globe, and as a result it faces much tighter scrutiny.
As for restricting culture, we still have actual people to interact with, so not to worry.
Not for long -- Russia has made emigration almost illegal, but none of the international press have seen fit to pick up on this.
Got them moderator blues I blieve I walk out the do', With these mod-points I been gettin', I 'most never post no mo'