New Russian law to force service providers to decrypt encrypted comms

An extremely wide-ranging anti-terrorism law has been passed last week by the lower house of the Russian Federal Assembly (i.e. parliament), and it is widely expected to pass the upper house without a hitch and be signed into law by president Putin within the next few weeks.

Russian law

Proposed by right-wing politician Irina Yarovaya, the new law will bring tougher punishments for extremism and international terrorism, make failure to report a crime, as well as justifying terrorism on social media a criminal offense; but also force telecoms and ISPs to store data and metadata for years, and online services that offer encrypted communication to help the Russian intelligence agency (the FSB) to decipher any message sent by its users.

According to Russian news outlet Meduza, the new law will require telecoms to store records of all calls and text messages exchanged between customers for a period of six months, and all metadata of these communications for three years.

“Organizers of information distribution on the Internet,” a category of service providers that has yet to be completely defined and populated, will have to store metadata for one year.

Those information distributors that offer encrypted communications and information will have to aid the FSB in decrypting it and will be fined if they refuse to do so.

While the final version of the law does not contain the proposed sanctions of revoking people’s citizenship and right to leave the country if they have been convicted of certain crimes, the rest of the legislation is still pretty extreme.

NSA whistleblower Edward Snowden, currently residing in Moscow after being offered asylum in 2013, described the new “Big Brother” law as “an unworkable, unjustifiable violation of rights that should never be signed.”

“‘Store 6 months of content’ is not just dangerous, it’s impractical,” he noted. “What is that, ~100PB of storage for even a tiny 50Gbps ISP?”

Some of the largest Russian telecoms have expressed their opposition to the law, saying that the additional infrastructure that would have to build to comply with it would be too costly. And the company behind Russian search engine Yandex said it would excessively limit the rights of both companies and users.

Don't miss