Slashdot Mirror

← Back to Stories (view on slashdot.org)

Russia Lawmakers Pass Spying Law That Requires Encryption Backdoors, Call Surveillance (dailydot.com)

Posted by msmash on from the when-in-Russia,-live-with-it dept.

A bill that was proposed recently in the Russian Duma to make cryptographic backdoors mandatory in all messaging apps, has passed. Patrick Howell O'Neill, reports for DailyDot:A massive surveillance bill is now on its way to becoming law in Russia. The "anti-terrorism" legislation includes a vast data-eavesdropping and -retention program so that telecom and internet companies have to record and store all customer communications for six months, potentially at a multitrillion-dollar cost. Additionally, all internet firms have to provide mandatory backdoor access into encrypted communications for the FSB, the Russian intelligence agency and successor to the KGB. The bill, with support from the ruling United Russia party, passed Friday in the Duma, Russia's lower legislative house, with 277 votes for, 148 against, and one abstaining. It now moves to Russia's Federal Council and the Kremlin, where it's expected to pass into law.

15 of 109 comments (clear)

  1. Unenforceable law is unenforceable by kheldan · · Score: 5, Interesting

    Non-Russian-based companies can't be compelled to comply with this, and furthermore some companies are sure to just completely pull out of Russia completely. Apparently Russian politicians are no smarter than politicians anywhere else, and apparently are uncomprehending of the fact that the Internet is not just inside Russia or controlled by Russia.

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    1. Re:Unenforceable law is unenforceable by CRCulver · · Score: 5, Insightful

      apparently are uncomprehending of the fact that the Internet is not just inside Russia or controlled by Russia.

      The Russian government already has a well-mapped plan to isolate the country's internet by 2020, roughly following the Chinese model. Of course, there will always be ways around restrictions, but the aim is not to completely wall off the country, it is to ensure that the vast majority of the population can be kept under tabs and that it doesn't see too many things that the state doesn't like.

      I'm very happy that Russian legislation doesn't apply to the rest of the world. Nonetheless, claiming that this law is only a problem for Russia and needn't bother us here, tends to obscure the fact that there are at least a couple of hundred thousand people in Russia who are just like us, and it's sad if our nerd peers there suffer.

    2. Re:Unenforceable law is unenforceable by kheldan · · Score: 2

      Okay; fair enough. This being the Internet and all, it wouldn't have been the first time someone didn't bother actually reading something, then making wild assumptions about the content they didn't actually read. xD

      Yes, it's going to be a problem for everyone, assuming it actually becomes a law, but as previously stated they don't seem to comprehend how the Internet works any better than politicians anywhere else do. Hopefully someone will point out to them that it just can't be done unless they really do want to disconnect Russia from the rest of the Internet, and kick out all non-Russian companies providing services there.

      --
      Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    3. Re:Unenforceable law is unenforceable by sir1963nz · · Score: 2

      Nice to see Russia trying to become more like the USA

    4. Re:Unenforceable law is unenforceable by Zontar+The+Mindless · · Score: 2

      Selectively enforceable law is selectively enforceable.

      TFTFY.

      (You forget you're talking about Russia, where laws are nothing more than just a few of the tools which the State has at its disposal for dealing with folks it doesn't like. And "State" is just a convenient abbreviation for "Putin/oligarchs/mobsters/skinheads/bikers".)

      --
      Il n'y a pas de Planet B.
  2. sounds right by frovingslosh · · Score: 5, Insightful

    Seems like exactly the kind of thing a corrupt government that doesn't respect the privacy and rights of its citizens would do.

    --
    I'm an American. I love this country and the freedoms that we used to have.
    1. Re:sounds right by Anonymous Coward · · Score: 5, Insightful

      Yeah, damn russians stealing our ideas again !

  3. Excellent! I await the response by fustakrakich · · Score: 2

    Let's hope it's just as newsworthy. I expect to hear all about new technologies that can get around the problem.

    --
    “He’s not deformed, he’s just drunk!”
  4. Clueless... by 101percent · · Score: 2

    Do these people really think these companies can create a secure "backdoor to all encryption"? I dread the day I wake up and whatever bullshit "solution" they come up with gets compromised and it's basically cyber Armageddon. Hope they come up with some other impossible shit like, "Feds declare all cars must get 200m/g. Government declares all hamburgers must be fat free." I get what they want, but some things you just can't legislate into existence, especially the goddamn backbone of ecommerce.

    1. Re:Clueless... by Jason+Levine · · Score: 3, Insightful

      Feds declare that the back doors to all homes remain unlocked at all times to allow police easy access. In response to questions about home security, the government said they'd post "For Government Use and Homeowner Use Only" signs on everyone's doors. "That'll stop any burglars," CIA director Brennan said. "Not that there are any burglars. They're purely theoretical."

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    2. Re:Clueless... by youngatheart · · Score: 2

      Yes they do, and it's pretty much possible, and just as stupid as you imply. What it means is that we can expect government keys and government certs and compromises by and of the government implementing stupid things like this.

      We should be cheering for this. When people in power insist on something stupid, sometimes the best you can hope for is an example of bad things that happen when stupid people get their way. If we in the US are very, very, very lucky, maybe Santa will give us bad Russian consequences to point to in our attempts to keep our own government officials from being just as stupid.

  5. Actually This WIll Help by zenlessyank · · Score: 3

    Usher in new techniques. Say and think what you want, but Russian computer enthusiasts WILL find ways around this. And so will Chinese and American and Israeli etc. Let the new Digital War begin.

  6. Gilmore's Law no longer applies. by Anonymous Coward · · Score: 5, Interesting

    Gilmore famously said "The Net interprets censorship as damage and routes around it."

    Extend that concept a little to "... and Orwellian monitoring and social control", and we can talk about it.

    Gilmore may have been correct... at the time he said it. But that was in an era of the net being dominated by technically astute people, rather than the Facebookian masses, who appear perfectly happy to tolerate any degree of central control and monitoring.

    The internet no longer interprets these things as any sort of problem, and that allows nations like Russia, China, and many in the Middle East to use it as a tool of oppression, spying on their population, and trying to influence human behaviors. Also the US to use it as a means of constant surveillance of everyone, at all times.

    So where is the "circumvention" now? It's absent. Sure, you can find the occasional neckbeard bemoaning the state of things, but those people are one in tens of thousands. Slashdotters like to say, "But GPG through TOR relays through VPNS!!!one!!" as if that is something that 99.999% of the world even understands. Face it, the voice of people wanting an open and free internet is a drop in the ocean of people who Just Don't Care, or actively Want That Control because terrorists.

    So little by little, the walls close in. Each country is emboldened by the successes of the last who tried. Each step is not that big. Each little increment is tolerable. But in the end? The Internet That Was is destroyed, and the Internet That Is becomes more about being the ultimate tool of authoritarians.

    I don't live in Russia. I have several Russian friends in Moscow. I am sad for them, just like they are for me RE: NSA. And we're both powerless to do much but watch.

  7. Remember when the US could point fingers? by Anonymous Coward · · Score: 3, Insightful

    I remember a time when the US could point fingers at other countries abusing spying on their own citizens...

  8. Re:Lets see how American .com's deal with this by Somebody+Is+Using+My · · Score: 3, Insightful

    Will they cave, or will they stand tall? Because if they cave, the US and the world will follow Putin's lead.

    They'll cave because, except for a small subset of companies, most don't really care what sort of encryption they use (or if they encrypt at all) because it won't be the companies that pays the price for their short-sightedness. Rather than risk losing out on the Russian markets, companies will obediently use the Russian-blessed encryption. When the inevitable happens and somebody (be it criminal hackers or the Russian government) use the mandated backdoor to break into their servers, they'll just pass the cost onto their customers. If their customer database will be compromised - everybody's government identification number / credit-card numbers / health and medical information is out on the web - they will just do what every other company does in that situation: hide the breach for as long as they can and once they are found out send out an email with free 1-year "credit monitoring", as if that makes up for it. Of course, it might be the company's own information that gets stolen, but that stuff usually isn't as valuable to a company as they think it is; they'll maybe take a hit on the market, and make up for it by firing a bunch of their peons. Then it will just be back to business as usual.

    Of course, long-term these sorts of breaches can be devastating; international corporations will wonder why they keep losing out deals to locals who always seem to know what the foreign companies are up ahead of time (because you can bet the government will use this for corporate espionage to better the lot of their own constituents), but rare is the modern corporation that ever looks at anything long term. They'll be too terrified of losing out on those precious rubles today to worry that they might be knocked out of the market entirely tomorrow.

    Now, if we actually held companies accountable for these breaches - especially when using something as stupid as encryption with a guaranteed backdoor - and the company suffered financial or criminal sanctions for their actions, then maybe it would be a different story. But seeing as how the US government also wants its own backdoors, it's unlikely they'll criminalize anyone using encryption that has a secret government key anytime soon...