Russian Bill Requires Encryption Backdoors In All Messenger Apps (dailydot.com)
Patrick O'Neill quotes a report from The Daily Dot: A new bill in the Russian Duma, the country's lower legislative house, proposes to make cryptographic backdoors mandatory in all messaging apps in the country so the Federal Security Service -- the successor to the KGB -- can obtain special access to all communications within the country. [Apps like WhatsApp, Viber, and Telegram, all of which offer varying levels of encrypted security for messages, are specifically targeted in the "anti-terrorism" bill, according to the Russian-language media. Fines for the offending companies could reach 1 million rubles or about $15,000.] Russian Senator Elena Mizulina argued that the new bill ought to become law because, she said, teens are brainwashed in closed groups on the internet to murder police officers, a practice protected by encryption. Mizulina then went further. "Maybe we should revisit the idea of pre-filtering [messages]," she said. "We cannot look silently on this."
Oh dear, this is ironic. Russia is a haven for online criminals, something they really ought to crack down on. Instead of pursuing actual criminals, they're looking to reduce the privacy of people who haven't done anything wrong. What a screwed up country!
messaging apps
Fixed that for you
Pain is merely failure leaving the body
Does not seem to matter what country you are in. They all want to know.
This is only relevant to companies that have assets or personnel in Russia. Everyone else can safely ignore them. The US and Europe are not going to extradite anyone to Russia over this or cooperate with a Russian investigation. Putin has been pushing too hard at returning to cold war nonsense for any government to take this seriously.
To any country that makes encryption either illegal, or treats it as eminent domain for the government to have access to its citizens' communications.
This is the same crap the UK is proposing, and the same crap the US is trying to implement. It's time for the citizens, and thereby the private services providers, to stand up and say "No More!!!".
Those filthy dirty freedom hating commies. Now they are stealing our government's ideas!
I'm an American. I love this country and the freedoms that we used to have.
Free speech and privacy are viewed as terrorism here, too.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
The Russian government already has a plan to isolate the Russian internet by 2020, modeled roughly after China's internet. At that point, foreign services may be reachable inside Russia only if they agree to establish assets and personnel in Russia, and they might agree to laws like this as the cost of doing business.
I want to see how this cat and mouse game plays out. Ultimately they will have to force the ISPs to drop encrypted packets.
“He’s not deformed, he’s just drunk!”
I firmly believe that any two adults should have the right to communicate privately as long as they are not convicted felons. I'm a mathematician. It blows my mind that anyone thinks it's reasonable to prohibit the use of math in speech. That said, I would love it if I could buy a phone which would allow me, a parent, to read the communications between my children and other people - not to keep them from becoming terrorists, but to protect them. Children don't have the same rights as adults for good reasons. Looking at domestic cases of terrorism (Dylan Roof, James Holmes, the Tsarnaevs, etc.), most of them either were too old to be parented per se, or they had parents who weren't really in control of them, or even parents who may have sympathized with them (e.g. the Tsarnaevs).
Or should I re-phrase that as "because bogeymen"? I mean, really, how many terrorist attacks, anywhere in the world, have been prevented as a result of the privacy we've already been forced to give up?
If terrorists didn't exist, governments would have to invent them, to justify their megalomaniacal policies. Oddly enough, Russia is (uncharacteristically) late to the party on this one - it seems that they're simply following the lead of the Free World. That alone should be a cause for serious concern among those ostensibly 'free' countries.
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
Messenger apps backdoor you!
I don't respond to AC's.
Is ytalk a messenger app? What about IRC? Is encryption over ytalk and irc going to be banned? How?
Is Russia going to yank these "apps" out of the public domain?
The cat is not only out of the bag, but is riding the cows that have left the barn and the open gate in the field, and are headed toward the mountains to start their new society based on milking humans.
--
BMO
I never understood why people think networks like the Internet are supposed to be private. They weren't designed to be originally. In fact, the first networks were broadcast: every node "talked" to every other node. Networks are supposed to facilitate communications. They aren't designed to hide communications. In fact in a peer to peer network like the internet, every node is supposed to be able to talk to other nodes. I know a bunch of people are going to get angry at this but the fact is if you want secrecy, don't use a communication network like the Internet. I know it is hard to believe, but it is possible! I'll wait for all the blah, blah, blah, I hate you Aspie responses, but if you look at the history of networks in general, security was an afterthought that was tacked on top (poorly).
Few people think the internet is private, that's why they use encryption.
If someone wants your secrets badly enough that they'll backdoor your phone without you knowing it (and they have the resources to do so), then no communication is safe, not even a person-to-person conversation.
A foreign company doing any significant business in Russia can certainly afford "1 million rubles or about $15,000" as a cost of doing business.
"National Security is the chief cause of national insecurity." - Celine's First Law
I made a mistake. I paid for it. We all talk about second chances, but we don't want to be the ones to give them, right?
Well, fuck you, pal.
Russian bill: All messaging apps must have a backdoor that only Russia can access.
US bill: All messaging apps must have a backdoor that only the US can access.
EU bill: All messaging apps must have a backdoor that only the EU can access.
Yeah, that'll work just great.
If you remember that little hubbub about Russia's attempt to block certain pages of Wikipedia, it failed only because Wikimedia set the HSTS; they simply expected to utilize the providers' MITM backdoors the way they did it with every other page that makes its way into the proscribed list (that gets added to regularly), but when the entire site went down with a big warning "forgery in progress, turn back now, you're not clicking through", they panicked and backtracked. But not for long. So here's a way out of that predicament. Now ru.wikipedia.org will have to decide if they want to pack up and disappear or permit that which they fought off a year ago; and if they choose wrong, it'll be their fault - the law is clear, innit?
I can assure you, the best way to get rid of dragons is to have one of your own.
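The browser behaviour this comment describes, as an added example that is not part of the original post: a simplified model of the HSTS rules in RFC 6797, under which a host with a stored policy gets a hard failure rather than a click-through warning when its certificate does not validate. The class, function names and hostnames are constructed for illustration.

```javascript
// Added example: simplified model of a browser's HSTS store (RFC 6797).
// HstsStore, onCertificateError and the *.example hosts are constructed names.
class HstsStore {
  constructor() { this.policies = new Map(); }

  // Process a Strict-Transport-Security header value. `now` is in seconds.
  // Returns true if the header was accepted.
  note(host, headerValue, { secureTransport, now }) {
    // The header only counts when it arrives over TLS with no certificate
    // errors, so an interceptor cannot plant or clear a policy.
    if (!secureTransport) return false;
    const directives = new Map();
    for (const part of headerValue.split(';')) {
      const [rawName, rawValue = ''] = part.trim().split('=');
      if (!rawName) continue;                       // tolerate a trailing ';'
      const name = rawName.trim().toLowerCase();
      if (directives.has(name)) return false;       // duplicate directive: reject
      directives.set(name, rawValue.trim().replace(/^"|"$/g, ''));
    }
    const maxAge = directives.get('max-age');
    if (maxAge === undefined || !/^\d+$/.test(maxAge)) return false;
    const key = host.toLowerCase();
    if (Number(maxAge) === 0) { this.policies.delete(key); return true; }
    this.policies.set(key, {
      expires: now + Number(maxAge),
      includeSubDomains: directives.has('includesubdomains'),
    });
    return true;
  }

  // A host is covered by its own policy, or by a parent domain's policy
  // that carries includeSubDomains.
  isKnownHstsHost(host, now) {
    const labels = host.toLowerCase().split('.');
    for (let i = 0; i < labels.length; i++) {
      const policy = this.policies.get(labels.slice(i).join('.'));
      if (policy && policy.expires > now && (i === 0 || policy.includeSubDomains)) {
        return true;
      }
    }
    return false;
  }
}

// What the user sees when the presented certificate fails validation.
function onCertificateError(store, host, now) {
  return store.isKnownHstsHost(host, now)
    ? 'hard-fail'                    // no "proceed anyway" option is offered
    : 'warning-with-click-through';
}

// Constructed scenario: policy learned on an earlier clean visit, then a
// forged certificate is presented for a subdomain.
const demoStore = new HstsStore();
demoStore.note('wiki.example', 'max-age=31536000; includeSubDomains',
  { secureTransport: true, now: 1000 });
console.log(onCertificateError(demoStore, 'ru.wiki.example', 2000));
console.log(onCertificateError(demoStore, 'other.example', 2000));
```

The protection depends on the policy having been learned on an earlier clean connection (or shipped in a preload list); a first visit through an intercepting path has no stored policy to enforce.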
Rather than mod you down -1 Troll, which you probably deserve with a subject of "I never understood privacy", I'm going to "fall for it" and actually address your convoluted point of view as if you were serious, Mr. doesn't-understand-privacy-but-still-named-"110010001000".
I never understood why people think networks like the Internet are supposed to be private
When you say "supposed to"-- to what authority are you appealing? Certainly there are many many mechanisms built on the internet that are "supposed to" enforce private communications, so on the face of it your statement is wrong. I don't understand what is so hard about the goals of TLS, SSL, SSH, PGP, etc. that you don't understand them.
They weren't designed to be originally.
The underlying TCP/IP may not have had privacy as a premiere concern, but certainly numerous technologies built on top of TCP/IP have and do. The underlying protocols do what they were designed to do for the most part. Saying they weren't "originally" designed to enforce privacy is like saying that you don't understand why the web is supposed to work because TCP/IP isn't originally designed to serve web pages.
In fact, the first networks were broadcast: every node "talked" to every other node.
I don't know if this is even true, but if it is, so what? The first TVs were in black and white, does this mean that you don't understand why people think TV is supposed to be in color?
if you want secrecy, don't use a communication network like the Internet.
What? Why not? Because some networks at one point broadcasted everything to everyone on the network? How does that even preclude a single recipient from uniquely decoding the message?
What mechanism would you recommend one use for communicating privately, exactly? Because I'm very willing to argue that the underlying communication platform of whatever-you-come-up-with was never "supposed to be private" by your own ehm, let's-say-logic.
if you look at the history of networks in general, security was an afterthought that was tacked on top (poorly)
Since you hate privacy so much, could you please post as a response your real name, social security number (if American), address, bank account numbers, balances, and PINs, and credit card info? I'm sure people would be happy to send you a lot of reasons to value secrecy-over-networks.
Y'know what-- I do hate you, Aspie.
Can we mod this trollish crap down?
The problem is that we had secure communications networks. They were kept disjoint, and with incompatible communication protocols.
There is a way to design a secure network -- circuit switched, with the switch having an ACL that only lets certain machines communicate with each other and nobody else. Add RSA keys on a low level of the stack, and an attacker would have to compromise both the switch ACL and the authorized key list on the individual machines just to attempt communicating with one of the hosts.
Russia only has theoretical encryption, so the Russian government is only planning for the future. This has no impact on current technology.
-- Slashdot, making the Left look conservative since 1997.
They're just pre-emptively ensuring they can continue to use US-made encryption for the foreseeable future.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
> What's wrong with this?
Isolating the Russian people from the internet at large would prevent them from learning from and sharing knowledge with the rest of the world. It puts Russians at a disadvantage against those who govern them when they can't see free (libre) and open press reports from outside their country.
> It would stop the Daesh propaganda,
There is no proof that this would be so. Propaganda can be distributed from within as well as from outside. Look at China's internet for an example of how people, via proxies and VPNs find ways to traverse the firewall of China. Propaganda could still find its way into the country.
> and it would stop the billions of attacks coming from offshore
There is no proof that this would be so either. Chinese websites still get hacked. Just recently a top Chinese University website was hacked by ISIL or an ISIL supporter.
> Countries protect their physical borders, why not their routers?
Because the routers are not theirs to protect. The routers are owned by private companies and individuals. It is those people and organizations who should control how their property and networks they built are used.
The Russian government already has a plan to isolate the Russian internet by 2020, modeled roughly after China's internet. At that point, foreign services may be reachable inside Russia only if they agree to establish assets and personnel in Russia, and they might agree to laws like this as the cost of doing business.
Any instant messaging company that installs backdoors to operate in Russia will lose the trust of their users everywhere. People are demanding secure and private communications, which rules out using software from a company known to install backdoors. Those companies will need to decide if there are enough profitable users in Russia to make up for losses in other markets. Complying with Russian laws is not the only cost to businesses.
If Russia wants to isolate their internet, maybe the rest of the world should support this move and isolate Russia. It would cut down on cybercrime and put Russia at a competitive disadvantage.
You're also describing the "party line" telephone system, and before that standing in the street and shouting at your neighbours.
While privacy may be claimed to be a new construct by some people, that's simply because it wasn't terribly difficult to achieve previously. You just had to talk softly or write letters instead of postcards. And you WILL find that the expectation of privacy exists in the physical mail service, to pretend that it doesn't in email etc is convenient bullshit that corporate/government have pushed through since it suited their agendas.
The stupid part is once you have ubiquitous monitoring in place, and known to be in place, you don't catch the real criminals. They revert to code talking anyway.
Beat a rag of ticks.
Your ability to complain about leftist strawmen shows what rights you have.
Your ability to go into a fantasy to justify your line of thinking demonstrates how out of touch with reality you are.
Your dismissal of other people and equal rights demonstrates your childlike qualities.
Don't bother replying, I'll never see it. Either use cognitive dissonance to justify your actions or even turn this somehow into an attack; or realize that people shouldn't have to live in fear because it is wrong.
Messengers encrypt YOU!
Being a Russian I just don't beeping care. And maybe I'm even glad that this bill is proposed, because it means that all the official messengers (I mean: companies that provide messenger services using closed source software) will be compromised and the only messengers that are trustworthy will be the open source decentralized ones having no central authority that can be fined.
In such conditions the maximum fine would be 5000 Roubles (less than US$100) which means that the expense of collecting the evidence would not pay up. It's just impossible to interrogate everybody whose traffic comes to some nonstandard port, and it's impossible to prove that it's a messenger and not anything else.
Also I hope that any software that used the outdated HTTP(S) and HTML protocols which have so many builtin security holes will be compromised at last and the only programs that survive would have no such thing as web page phenomenon and correspondingly site phenomenon. For instance, Freenet now supports something like a webpage. But it edits out anything that could be dangerous. RetroShare just has no web page. It displays web links but you should copy them to the browser with full understanding for your actions.
Please understand: This bill is neither Putin's nor the FSB/KGB initiative. The FSB works stealthily. It's the initiative of parliamentarians who propose the laws that just cannot be observed.
Fuck off, fuck off, fuck off.
Signed,
Wales.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
What I heard from E.Snowden makes me believe that all messengers have got a backdoor as a part of some project with a name something like Flying Eagle.
If it was possible to monitor communications of Bundeskanzler and Président, then run-of-the-mill messengers and smartphones should not be a challenge.
The question is not about backdoors, but who would hold keys.
+1 That made me laugh.
Just for the folks who don't follow football.
http://www.bbc.co.uk/sport/football/36514115
You say it like it's the entire Russia doing that. Nothing could be further from the truth. As a Russian myself I consider any such law projects to be the work of corrupted officials who don't know what they're doing. Duma is always full of blatantly dumb law projects anyway.
A few lines of javascript, crypto_js and a simple message relay written in PHP (which can be hosted anywhere in the world) is all you need for a secure messaging app. On the phone side, all you'd need is a web browser that can run standard javascript. On the server all you need is something like PHP (any language will do here: even a CGI script written in bash would suffice).
John_Chalisque
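The design this comment describes, sketched as an added example that is not part of the original post: Node's built-in `crypto` module stands in for crypto_js and an in-memory `Relay` class stands in for the PHP relay (all function names are hypothetical). It shows what the relay operator can and cannot read, and why the two parties still need to compare key fingerprints over a separate channel.

```javascript
// Added example, not the commenter's code. Node's built-in crypto replaces
// crypto_js; the Relay class replaces the PHP relay. Names are hypothetical.
const nodeCrypto = require('crypto');

function newClient(name) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('x25519');
  return { name, publicKey, privateKey };
}

// SHA-256 of the DER-encoded public key. Peers compare this out of band,
// because a relay that also hands out keys could substitute its own.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return nodeCrypto.createHash('sha256').update(der).digest('hex');
}

// X25519 shared secret -> HKDF-SHA256 -> 256-bit AES key.
function sessionKey(privateKey, peerPublicKey) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey: peerPublicKey });
  return Buffer.from(
    nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'relay-demo-v1', 32));
}

// AES-256-GCM with a fresh random nonce; sender and recipient names are
// bound in as associated data so the relay cannot relabel a message.
function seal(sender, to, peerPublicKey, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv(
    'aes-256-gcm', sessionKey(sender.privateKey, peerPublicKey), iv);
  cipher.setAAD(Buffer.from(JSON.stringify([sender.name, to])));
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { from: sender.name, to, iv: iv.toString('base64'),
    body: body.toString('base64'), tag: cipher.getAuthTag().toString('base64') };
}

// Throws if the ciphertext, nonce, tag or names were altered in transit.
function unseal(recipient, peerPublicKey, env) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm',
    sessionKey(recipient.privateKey, peerPublicKey), Buffer.from(env.iv, 'base64'));
  decipher.setAAD(Buffer.from(JSON.stringify([env.from, env.to])));
  decipher.setAuthTag(Buffer.from(env.tag, 'base64'));
  return Buffer.concat([
    decipher.update(Buffer.from(env.body, 'base64')), decipher.final(),
  ]).toString('utf8');
}

// Store-and-forward relay: it only ever handles serialized envelopes.
class Relay {
  constructor() { this.queues = new Map(); }
  post(env) {
    const queue = this.queues.get(env.to) || [];
    queue.push(JSON.stringify(env));
    this.queues.set(env.to, queue);
  }
  fetch(name) {
    const queue = this.queues.get(name) || [];
    this.queues.delete(name);
    return queue.map((item) => JSON.parse(item));
  }
  dump() { return [...this.queues.values()].flat().join('\n'); } // operator's view
}

function demo() {
  const alice = newClient('alice');
  const bob = newClient('bob');
  const relay = new Relay();
  // Constructed sample message.
  relay.post(seal(alice, 'bob', bob.publicKey, 'Buy some orange juice on the way home.'));
  const relayView = relay.dump();
  const [envelope] = relay.fetch('bob');
  const received = unseal(bob, alice.publicKey, envelope);
  let relabelRejected = false;
  try { unseal(bob, alice.publicKey, { ...envelope, from: 'mallory' }); }
  catch (err) { relabelRejected = true; }
  return { relayView, received, relabelRejected };
}

console.log(demo().received);
```

The relay never sees message content, but it does see who is writing to whom and when, and a client delivered as a web page is only as trustworthy as the server that serves the JavaScript.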
No need to be unpleasant.
Homosexuals are seen as pedophiles in Russia - and innocent people have been killed because the state doesn't really try to catch killers of homosexuals. Maybe you should look what "promoting sodomy" covers in this shithole, even pointing out that homosexuality is normal is enough to be harassed by police and state-protected neo nazi groups...
A long time ago it was thought that homosexuals weren't born - they were created due to seduction by pedophiles. In Russia that is still seen as reality while all scientific research shows that is idiotic bullshit. Homosexuality is natural in a huge range of animal species including man.
And your idea of sex change among small children is so fucking idiotic I'll not even respond to it.
Let me see ... the US wants backdoors (in fact, the NSA approved stuff is designed to be weak in one or another way). Then, Russia wants backdoors. China works with service providers to have some sort of backdoor. I am sure that UK and Australia are looking for backdoors.
So, any country has the right to have backdoors in the security artifacts, and what was supposed to be secure will now have more holes than a hotel has doors, in the name of counter-terrorism, making these artifacts completely useless. Because if one country has the right, then all of them have the right. Would it be possible to control more than 200 backdoors in any secured communication?
This is very similar to saying that, as the terrorists breathe, we need to control the air because they could be breathing.
A quote from "V for Vendetta": Cruelty and injustice...intolerance and oppression. And where once you had the freedom to object, to think and speak as you saw fit, you now have censors and systems of surveillance, coercing your conformity and soliciting your submission. How did this happen? Who's to blame? Well certainly there are those who are more responsible than others, and they will be held accountable. But again, truth be told...if you're looking for the guilty, you need only look into a mirror. I know why you did it. I know you were afraid. Who wouldn't be? War. Terror. Disease. There were a myriad of problems which conspired to corrupt your reason and rob you of your common sense...
V for Vendetta: People should not be afraid of their governments. Governments should be afraid of their people.
Nobody thinks that. No wonder you misunderstood them!
People think that some applications should be private. i.e. before you decide how you're going to communicate, you have already decided to tell your wife, "Buy some orange juice on the way home." And once you know that you're about to say something private like that, then you look for ways to do it. Public networks are awesome for this.
Yes, and then a few thousand years ago, people started to realize that you could bolt privacy onto a medium that isn't necessarily private. Write instructions to the other general in code and then if the messenger is captured, the enemy won't know how to read the scroll.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
... seems to be okay for russia as well.
No surprise here.
Stop surveillance. Worldwide. For everybody.
Anyone who hasn't seen "17 moments in Spring", doesn't understand the Russian attitude towards espionage and modern statehood. And no Russian Federation official has not seen it. It's the biggest cult-like movie in the modern Russian language and it has contributed more to the modern Russian idiom than Casablanca has to the modern American English idiom. Putin openly modeled his political persona on the protagonist of this 12-part miniseries which is known to every Russian. And the series (while it is set in the fall/Fall of Nazi Germany) makes a point of mocking the effectiveness of secret voice recordings over actual human investigating through infiltration and getting in the heads of the investigated subjects. There is no way RF would fall trap to this false sense of security given this central culture piece. The reason KGB was as feared and as central to the internal surveillance culture of the Soviet Union was that it was understood to have human informants who would do just such investigating in every organization in the Soviet Union.
Any guest worker system is indistinguishable from indentured servitude.
Easy, encrypt the real text traffic and provide a backdoor that generates innocent text generated by an AI. If the encryption is good, then the gubmint won't be able to prove that the spoofed text isn't the correct text.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Seriously, if a group really wants to hide from surveillance, they won't under any circumstances communicate their intentions, neither in the clear, nor encrypted, electronically, period. They'll meet ahead of time, and, at the most, agree on a trigger code... and not something as sophisticated as a one time pad. That code would be both simple, and would sail under the radar of surveillance: it won't raise any red flags whatsoever.
So, for instance, Alice will text Bob and say: "Hey Bob, you must really watch this awesome clip on YouTube from [INSERT-POPULAR-BAND-HERE]!", insert jargon of target group to make dialog more authentic. That would be a pre-agreed code for something totally different. Of course, Alice and Bob would have to establish a history of similar (dummy) messages in the past to evade raising eyebrows later: the crucial message should be indistinguishable from the ocean of regular messages they both exchange regularly.
One could even conceive a whole code made up of little blocks of such dialogs that appear like usual teen chatter on the surface... but that would open up this code to analysis. The less they communicate (in code), the less likely they'll be detected. As an illustration for variation: use 20 pop artists in the phrase above, for 20 pre-agreed messages. If you need 400 messages, combine with 20 pre-agreed adjectives "have you seen INSERT-ADJECTIVE clip from INSERT-ARTIST on YouTube?"... there are endless possibilities to communicate discreetly over a low-bandwidth plain-text channel this way.
cpghost at Cordula's Web.
So, you are saying that the proper course of action is to instead force a child that knows they should be female from being who they believe they are?
You don't understand this, this is allowing the child to live a happy life, not forcing the child to do something against their will.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
If the 12 yo boy is gay, who is to stop them? That is like saying that a 12 yo isn't allowed to date the opposite sex because you think that dating is wrong. 12 Year olds are old enough to have started puberty and to know which way their sexual orientation is.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
I find it absolutely hilarious you call me regressive-left...clearly you haven't read any of my history.
Nobody is encouraging 12yo boys to go fuck girls. That would be 'rape culture', 'un-feminist' and 'hetero-normative'. There is no reason to ban a non-existing practice.
No, that wouldn't be rape, two 12 year olds having sex is perfectly legal in the US, there is no rape involved unless someone is forced against their will. Statutory rape is involved when an adult is having sex with an underage person, but that is due to power imbalance. There is no law against two consenting children having sex with each other.
Although there is a trend to incite children, especially boys, to be homosexual or trans.
Um, no, there is no incitement, there is an allowing kids to do what is normal for kids to do. If they are attracted to the same sex, who are you, or the Russian government to tell them they are not allowed?
Promoting homosexuality and trans-fetish to children is how they grow their rank to secure political gain. It is basically state sponsored child abuse.
No one is promoting anything but you, you are promoting disinformation. The kids are ALREADY GAY, not being perverted into being gay, no one forced them to be gay.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Did I say anything about age of consent? It is always illegal for an adult to have sex with an underage person, but what does that have to do with 12 year olds having sex with each other?
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?