IT Developer Kasperskaya Supports Government Decryption of Russian Internet; Navalny’s Fund Exposes Business Interests

September 26, 2016
Natalya Kasperskaya, Russian IT developer and head of the InfoWatch group of companies, who reportedly supports the government's plan to decrypt Russian Internet traffic. Photo by Denis Vyshinsky/Kommersant

LIVE UPDATES: Natalya Kasperskaya, a prominent Russian IT entrepreneur and president of the InfoWatch group of companies, said at a business conference today that the government “really was talking about decrypting and analyzing all Internet traffic of Russian citizens” and that this was a good thing. Navalny’s Anti-Corruption Fund exposed her own business interest in selling DPI (deep packet inspection) software to the government.

Welcome to our column, Russia Update, where we will be closely following day-to-day developments in Russia, including the Russian government’s foreign and domestic policies.

IT Developer Kasperskaya Supports Government Decryption of Russian Internet; Navalny’s Fund Exposes Her and Other Companies’ Business Interest

Russia’s corner of the Internet has been abuzz this past week with a debate about what the government intends to do to implement the so-called Yarovaya Package, amendments to anti-terrorist legislation which will further restrict Internet and mobile phone liberties in Russia.

Irina Yarovaya, head of the State Duma’s Committee on the Constitution, and her co-signer Senator Viktor Ozerov drafted laws extending the punishment for vaguely-defined “extremism,” controlling religious missionary work, and storing and analyzing citizens’ electronic communications to protect against terrorism. The law also required IT companies to turn over to the government the keys to any encryption they use.

Thus, not only does the government want the servers physically in Russia; they want the means to look at any content at will. 

Last week on September 21, the business daily Kommersant reported that the Federal Security Service was discussing with the Ministry of Communications and the Ministry of Industry the possibility of decrypting and analyzing all of Russia’s Internet traffic. Sources in the presidential administration as well as in the IT community told Kommersant that storing encrypted data didn’t make sense, but that the FSB advocated decrypting all communications in real time according to certain parameters (i.e. looking for the word “bomb”), whereas the ministries advocated decrypting communications only of persons who had already come to the attention of law enforcement. Likely the government would have to use “man-in-the-middle” attacks to get at some communications, the sources said.

Needless to say, many technologists jumped in to explain what a Herculean, if not impossible, task this would be.

Even Aleksandr Zharov, head of Roskomnadzor, Russia’s media oversight agency that essentially serves as state censor, had claimed in June that his agency “would not try to embrace the unembraceable” (in the Russian idiom connoting an impossibly huge task) but would only take test samples of communications using applications by social media companies and react to citizens’ complaints.

He noted that negotiations were under way with Google, Facebook and Twitter about requirements under Russian law to place any servers with Russian customer data on Russian soil, ostensibly to protect customers’ privacy. Critics have said the law only makes it easier for Russian intelligence to access Russians’ private communications. It’s not clear yet whether the social media companies will comply with the law but Zharov said some companies had already placed servers in Russia, and that this would help the booming Russian IT sector, especially companies specializing in data centers.

Leonid Volkov, program manager in the Anti-Corruption Fund led by Alexei Navalny, who founded the Society to Save the Internet, has been regularly reporting on the implications of implementing the Yarovaya law. He noted that IT companies and the government were working on another piece of legislation to make the Russian Internet “sovereign,” i.e. totally under Russia’s control and impenetrable by outsiders.

Today, September 26, according to a report from Russia’s business daily Kommersant, Natalya Kasperskaya, a prominent Russian IT entrepreneur and president of the InfoWatch group of companies, said the government “really was talking about decrypting and analyzing all Internet traffic of Russian citizens.”

Kasperskaya was a founder of the security software company Kaspersky Lab, but left the company after she divorced its current head, Eugene Kaspersky, over a “deep ideological divide.”

Kasperskaya is now a member of a presidential administration working group on Internet legislation issues called “IT and Sovereignty”. Under the Yarovaya law, the FSB is supposed to receive from Internet companies the means to decrypt all encrypted information, a task that has been avidly discussed in Russian media.

During the BIS Summit 2016 conference today, Kasperskaya commented, in a response to a query from Kommersant:
“The topic of the submission of SSL certificates to government agencies came up, Roskomnadzor and the FSB are lobbying for it, they need it. And the demand to submit the certificate is absolutely the right thing, because now we have a piece of the Internet which is entirely not under the control of the country itself, and that’s wrong.

The collection of data is being done at a global scale by many, and unfortunately these ‘many’ are beyond the borders of our state, and that is entirely wrong. You put a mobile device in your pocket — that’s it, your privacy ends there, let’s look at the truth directly here.”

Neither Roskomnadzor nor the FSB had a comment regarding Kasperskaya’s remarks for Kommersant this morning at press time, but late this afternoon, Gazeta reported that Roskomnadzor said it was not involved in the decryption project.

Vadim Ampelonsky, head of Roskomnadzor, said:
“We are not involved in that topic at all. This is a topic for the law-enforcement agencies.”

Ampelonsky noted that Kasperskaya, who was quoted as saying that Roskomnadzor and the FSB hoped to decrypt all the information in Russia’s Internet and obtain SSL certificates from all Russian Internet companies, had refuted her statement. But Gazeta was unable to confirm that Kasperskaya had done that, although Kasperskaya did say in another interview with the radio station BFM that “the media had distorted her words.”

Meanwhile, Kremlin spokesman Dmitry Peskov said the claim of harsher state control over the Internet “did not correspond with reality” and was being discussed in “hypertrophied form” in the media.

Volkov commented on Facebook that for Kasperskaya, a developer of information security programs, to say that the government should decrypt information was like a lock manufacturer advertising drills to break them.

Volkov said in a previous Facebook post that in order to tackle the Yarovaya law, the opposition had to expose the financial interests that stood to benefit from it.

Volkov also published a blog post today, following up on previous research on the figures who reportedly stand to benefit most from the Yarovaya Package, namely those selling data storage services.

He identified the influential Sokolov “mafia family” in St. Petersburg as those whose IT businesses could profit from the government’s demand to store all communications and make them available for FSB access. He noted that the father of the family, Valery Sokolov, was a friend of Nikolai Patrushev, the former head of the FSB, current head of the Russian Security Council, and a colleague of Sergei Chemezov, head of Rostekh, the state defense company; the mother, Irina Sokolova, was until recently a United Russia deputy in the State Duma; and their son, Aleksandr Sokolov, who previously worked in the FSB, now serves as a deputy of the minister of communications.

On September 2, Vedomosti reported that the National Center for Informatization (NTsI), a subsidiary of Rostekh, proposed making itself the sole manager of the system to store customer data and proposed paying for it by debiting fees from pension savings funds.

Three telecoms — MTS, Megafon, Vympelkom and Tele2 wrote to Valentina Matvienko, then chair of the Federation Council, that the cost for such storage could amount to 2.2 trillion rubles ($32 billion) and complained about the heavy cost of implementing the Yarovaya law.

The opposition appeared not to be the only ones interested in exposing these lucrative connections to the implementation of the law; a tabloid site called Ruspres published a document about a company registered by Valery Sokolov in Austria, which the Anti-Corruption Fund confirmed. Volkov believes this is the first “compromising material” ever to be published about the Sokolov family and may have been intended to get Sokolova’s parliamentary mandate stripped under Russia’s law forbidding MPs and their families from owning foreign assets.

Volkov noted the curious coincidences:

– On September 6, the Anti-Corruption Fund published their research on the Sokolov family and their financial interest in the Yarovaya legislation.
– On September 15, the tabloid newspaper, unrelated to the Fund, published other sensations including the news of a corporation registered abroad.
– On September 21, the FSB came out with a statement saying that it could not implement the Yarovaya legislation according to the plan drafted by Rostekh’s Chemezov because it would involve too great a challenge of data collection. The FSB said rather it would decode and analyze traffic “on the fly” and use DPI (deep packet inspection).

Volkov responded in a Facebook post at the time, noting that 50% of Russian Internet traffic is encrypted and the job of organizing hackers’ “man-in-the-middle” attacks, which is what the FSB would have to do, would be too great. He pointed out that Kazakhstan’s KazTelekom had told customers in 2015 that they all had to install a government certificate by 2016 but then withdrew the demand because they realized the Kazakh Internet would grind to a halt. Now Russia was discovering this.

Volkov said the beneficiaries of this plan would be Igor Ashmanov, co-chair of the Velikoye Otechestvo (Great Fatherland) party, the political arm of NOD (the Russian Liberation Movement), and his wife, who happens to be Natalya Kasperskaya. Volkov said they had developed software for DPI inspection and semantic analysis and they wanted to sell this to the government.

He concluded that if originally some business interests were going to be the winners of Yarovaya (data centers and developers of SORM, the FSB’s filtration software), now there would be others who would profit because the storage job was too vast and DPI would have to be substituted to penetrate citizens’ communications.

The “good news” was that the Yarovaya law would be very hard to implement and the FSB had realized that, but that they would then resort to cruder hacks — which would be easier for consumers to protect themselves from. The bad news is that they would still be exposed to government snooping.

But “while they [various business interests] fight among themselves (possibly with the use of firearms) nothing bad will happen to the Internet,” Volkov joked.

— Catherine A. Fitzpatrick