Slashdot Mirror
Russia Lawmakers Pass Spying Law That Requires Encryption Backdoors, Call Surveillance (dailydot.com)
A bill that was proposed recently in the Russian Duma to make cryptographic backdoors mandatory in all messaging apps, has passed. Patrick Howell O'Neill, reports for DailyDot:A massive surveillance bill is now on its way to becoming law in Russia. The "anti-terrorism" legislation includes a vast data-eavesdropping and -retention program so that telecom and internet companies have to record and store all customer communications for six months, potentially at a multitrillion-dollar cost. Additionally, all internet firms have to provide mandatory backdoor access into encrypted communications for the FSB, the Russian intelligence agency and successor to the KGB. The bill, with support from the ruling United Russia party, passed Friday in the Duma, Russia's lower legislative house, with 277 votes for, 148 against, and one abstaining. It now moves to Russia's Federal Council and the Kremlin, where it's expected to pass into law.
Seems like exactly the kind of thing a corrupt government that doesn't respect the privacy and rights of its citizens would do.
I'm an American. I love this country and the freedoms that we used to have.
The Russian government already has a well-mapped plan to isolate the country's internet by 2020, roughly following the Chinese model. Of course, there will always be ways around restrictions, but the aim is not to completely wall off the country, it is to ensure that the vast majority of the population can be kept under tabs and that it doesn't see too many things that the state doesn't like.
I'm very happy that Russian legislation doesn't apply to the rest of the world. Nonetheless, claiming that this law is only a problem for Russia and needn't bother us here, tends to obscure the fact that there are at least a couple of hundred thousand people in Russia who are just like us, and it's sad if our nerd peers there suffer.
It is a good test. Russia's economy is basically poop these days so there isn't all that much to be made there. If tech companies were ever going to give the "see ya" to a country in responsive to invasive legislation, now would be the time.
I remember a time when the US could point fingers at other countries abusing spying on their own citizens...
Feds declare that the back doors to all homes remain unlocked at all times to allow police easy access. In response to questions about home security, the government said they'd post "For Government Use and Homeowner Use Only" signs on everyone's doors. "That'll stop any burglars," CIA director Brennan said. "Not that there are any burglars. They're purely theoretical."
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Will they cave, or will they stand tall? Because if they cave, the US and the world will follow Putin's lead.
They'll cave because, except for a small subset of companies, most don't really care what sort of encryption they use (or if they encrypt at all) because it won't be the companies that pays the price for their short-sightedness. Rather than risk losing out on the Russian markets, companies will obediently use the Russian-blessed encryption. When the inevitable happens and somebody (be it criminal hackers or the Russian government) use the mandated backdoor to break into their servers, they'll just pass the cost onto their customers. If their customer database will be compromised - everybody's government identification number / credit-card numbers / health and medical information is out on the web - they will just do what every other company does in that situation: hide the breach for as long as they can and once they are found out send out an email with free 1-year "credit monitoring", as if that makes up for it. Of course, it might be the company's own information that gets stolen, but that stuff usually isn't as valuable to a company as they think it is; they'll maybe take a hit on the market, and make up for it by firing a bunch of their peons. Then it will just be back to business as usual.
Of course, long-term these sorts of breaches can be devastating; international corporations will wonder why they keep losing out deals to locals who always seem to know what the foreign companies are up ahead of time (because you can bet the government will use this for corporate espionage to better the lot of their own constituents), but rare is the modern corporation that ever looks at anything long term. They'll be too terrified of losing out on those precious rubles today to worry that they might be knocked out of the market entirely tomorrow.
Now, if we actually held companies accountable for these breaches - especially when using something as stupid as encryption with a guaranteed backdoor - and the company suffered financial or criminal sanctions for their actions, then maybe it would be a different story. But seeing as how the US government also wants its own backdoors, it's unlikely they'll criminalize anyone using encryption that has a secret government key anytime soon...