• United States




In Russia, Internet backdoors you

Jun 27, 20163 mins
Advanced Persistent ThreatsGovernmentInternet

I do so enjoy these moments where I can craft goofy headlines like that. In this case however, it’s spot on. While the entire world was watching the Brexit tire fire unfold, some news broke in Russia.

For a long time I would shake my head as I watched various governments, like Canada, try to roll out legislation that would allow for unfettered monitoring of people’s Internet access. More often than naught they would do so by invoking “protect the children” or something along that line.

All the while there was almost nothing in the aforementioned text of these pieces of legislation that would tackle the issues. Now, governments the world over are switching to the boogeyman of the day, terrorism. Is it a problem? Of course. But, they use this as a gas pedal to force through all manner of legislative nonsense.

Just this past Friday we saw this happen in Russia when they passed a similar law in the Duma.

From the DailyDot:

The “anti-terrorism” legislation includes a vast data-eavesdropping and -retention program so that telecom and internet companies have to record and store all customer communications for six months, potentially at a multitrillion-dollar cost.

Additionally, all internet firms have to provide mandatory backdoor access into encrypted communications for the FSB, the Russian intelligence agency and successor to the KGB.

So, this is tackling all manner of messaging platforms like WhatsApp, Wickr, Skype and so on. Not that I’m even remotely surprised by this sort of behavior in general. But, it doesn’t bode well for companies trying to do business in Russia overall.

To say nothing of the safety of activists and, well, anyone with a differing point of view in Russia who uses programs like this. This law passed rather handily apparently with 277 voting in favour and 148 against the measures. The law comes with financial penalties for those who choose to disregard it.

From Current Time (translated from source):

“Failure to comply with the organizer of the dissemination of information on the Internet obligation to submit to the federal executive authority in the field of safety information required for decoding the received, sent, delivered or processed by electronic communications”, it is proposed to punish by a fine for citizens in the amount of 3 thousand. Up to 5 thousand. rubles for officials – from 30 thousand to 50 thousand rubles for legal entities -.. from 800 thousand to 1 million rubles, “-. stated in the bill.

They are now requiring that the software makers who create these applications provide the FSB with the ability to decode encrypted communications. You read that right. The FSB wants these companies to give them the ability to snoop on all communications.

Everything is fine. /sarcasm

So, who might be running afoul of this legislation? Well, all of them basically. Here is a list from the EFF that ranks the secure messaging platforms overall. Please note that this is an older scorecard and they are in the process of updating it at the time of this writing.

While this is not much of a surprise in Russia, I see rumblings for this sort of access in governments the world over. It is such a convenient scape goat to invoke terrorism as a rationale for stripping away the privacy of the people.

A disturbing trend to say the least.


Dave Lewis has over two decades of industry experience. He has extensive experience in IT security operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies. He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast.

The opinions expressed in this blog are those of Dave Lewis and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author