LIVE UPDATES: Natalya Kasperskaya, a prominent Russian IT entrepreneur and president of the InfoWatch group of companies said at a business conference today that the government “really was talking about decrypting and analyzing all Internet traffic of Russian citizens” and this was a good thing. Navalny’s Anti-Corruption Fund exposed her own business interest in selling DPI (deep packet inspection) software to the government.
Welcome to our column, Russia Update, where we will be closely following day-to-day developments in Russia, including the Russian government’s foreign and domestic policies.
The previous issue is here.
Recent Analysis and Translations:
– What Has Ramzan Kadyrov Been Up To? Quietly Cultivating Regional and Kremlin Officials, Now He Meets with Putin
– RBC Publishes Report Sourced in FSB and Military on Wagner Private Military Contractor with 2,500 Fighters in Syria
– Russian Parliamentary Elections Round-Up: Open Russiaâs Baronova Registered; Shevchenko Disqualified
– The Kremlin is Working Hard to Make Donald Trump President
Russia’s corner of the Internet has been abuzz this past week with a debate about what the government intends to do to implement the so-called Yarovaya Package, amendments to anti-terrorist legislation which will further restrict Internet and mobile phone liberties even further in Russia.
Irina Yarovaya, head of the State Duma’s Committee on the Constitution and her co-signer Senator Viktor Ozerov drafted laws extending the punishment for vaguely-defined “extremism,” controlling religious missionary work, and storing and analyzing citizens’ electronic communications to protect against terrorism. The law also mandated IT companies to turn over to the government the keys to any encryption companies.
Thus, not only does the government want the servers physically in Russia; they want the means to look at any content at will.
Needless to say, many technologists jumped in to explain what a Herculean, if not impossible, task this would be.
Even Aleksandr Zharov, head of Roskomnadzor, Russia’s media oversight agency that essentially serves as state censor, had claimed in June that his agency “would not try to embrace the unembraceable” (in the Russian idiom connoting an impossibly huge task) but would only take test samples of communications using applications by social media companies and react to citizens’ complaints.
He noted that negotiations were under way with Google, Facebook and Twitter about requirements under Russian law to place any servers with Russian customer data on Russian soil, ostensibly to protect customers’ privacy. Critics have said the law only makes it easier for Russian intelligence to access Russians’ private communications. It’s not clear yet whether the social media companies will comply with the law but Zharov said some companies had already placed servers in Russia, and that this would help the booming Russian IT sector, especially companies specializing in data centers.
Leonid Volkov, program manager in the Anti-Corruption Fund led by Alexei Navalny, who founded the Society to Save the Internet has been regularly reporting on the implications of implementing the Yarovaya law. He noted that IT companies and the government were working on another piece of legislation to make the Russian Internet “sovereign,” i.e. totally under Russia’s control and impenetrable by outsiders.
Today, September 26, according to a report from Russia’s business daily Kommersant, Natalya Kasperskaya, a prominent Russian IT entrepreneur and president of the InfoWatch group of companies said the government “really was talking about decrypting and analyzing all Internet traffic of Russian citizens.”
Kasperskaya was a founder of the security software company Kaspersky Lab, but left the company after she divorced its current head, Eugene Kaspersky over a “deep ideological divide.”
Kasperskaya is now a member of a presidential administration working group on Internet legislation issues called “IT and Sovereignty”. Under the Yarovaya law, the FSB is supposed to receive from Internet companies the means to decrypt all encrypted information, a task that has been avidly discussed in Russia media.
“The topic of the submission of SSL certificates to government agencies came up, Roskomnadzor and the FSB are lobbying for it, they need it. And the demand to submit the certificate is absolutely the right thing, because now we have a piece of the Internet which is entirely not under the control of the country itself, and that’s wrong.
The collection of data is being done at a global scale by many, and unfortunately these ‘many’ are beyond the borders of our state, and that is entirely wrong. You put a mobile device in your pocket — that’s it, your privacy ends there, let’s look at the truth directly here.”
Neither Roskomnadzor nor the FSB had a comment regarding Kasperskaya’s remarks for Kommersant this morning at press time, but late this afternoon, Gazeta reported that Roskomnadzor said it was not involved in the decryption project.
“We are not involved in that topic at all. This is a topic for the law-enforcement agencies.”
Ampelonsky noted that Kasperskaya, who was quoted as saying that Roskomnadzor and the FSB hoped to decrypt all the information in Russia’s Internet and obtain SSL certificates from all Russian Internet companies, had refuted her statement. But Gazeta was unable to confirm that Kasperskaya had done that, although Kasperskaya did say in another interview with the radio station BFM that “the media had distorted her words.”
Volkov commented on Facebook that for Kasperskaya, a developer of information security programs, to say that the government should decrypt information was like a lock manufacturer advertising drills to break them.
Volkov said in a previous Facebook post that in order to tackle the Yarovaya law, the opposition had to expose the financial interests that stood to benefit from it.
The “good news” was that the Yarovaya law would be very hard to implement and the FSB had realized that, but that they would then resort to cruder hacks — which would be easier for consumers to protect themselves from. The bad news is that they would still be exposed to government snooping.
But “while they [various business interests] fight among themselves (possibly with the use of firearms) nothing bad will happen to the Internet,” Volkov joked.
— Catherine A. Fitzpatrick