Russia’s Hypocrisy on Snowden

June 27, 2013
Photo: Reuters

[This article, written in two parts, analyzes the attempts by Russia’s ruling party to restrict internet privacy, and compares the operations of the Russian Federation to the US PRISM program unveiled by Edward Snowden.—Ed.]

The harassment of non-profit organizations, the toughening of the law on public rallies, the teeth-gritting propaganda of the federal television channels, criminal cases against the non-system opposition and random people – all of this, it turns out, is not enough. In order to restore political stability in Russia, we have to treat not the symptoms, but liquidate the main “source of the threat” – the Internet.

Yes, without web activism, the denunciation of United Russia as the “party of crooks and thieves” would not have been possible, nor would [the expose of elections chief] Churov as a “magician”; the first mass rally on Bolotnaya Square on 10 December 2011; “pekhting” [officials owning real estate abroad like Vladimir Pekhtin]; “dissert-gate” [revelation that officials’ dissertations were plagiarized] and political protest as a whole, both explicit and implicit. Logic — that political protest has its objective reasons, and the Internet is no more than a technical channel for its expression – is alien to the avant-garde of our political elite. They have another narrative: if there were riots on Bolotnaya Square, then they were staged from abroad. If the Internet enabled the spread of revolutionary infection (see the experience of the “Arab Spring”), then obviously here, too, we must look for the hand of foreign intelligence agencies.

And we have found it! The global scandal that broke out after Washington’s admission that the CIA has free access to the servers of the major Internet companies, including the operators of social networks, responded in Russia with the predictable echo: shouldn’t we close our Internet from alien influence – naturally, with “the purpose of protecting the public?”

As has been his tradition, Deputy Sergei Zheleznyak introduced a progressive initiative. He would like all servers on which the personal information of the citizens of the Russian Federation are located and the data of all Russian government agencies to be located in the territory of our country.

Law-enforcers rejoiced the most at this idea. After all, any server on the territory of Russia can be “confiscated and attached” [to a criminal case], but their hands can’t reach abroad. But if Zheleznyak’s initiative is successful, the first thing that will have to be done is to close off access of Russians to Facebook and demand that Zuckerberg remove all existing accounts registered from the RU domain. That is essentially what is being demanded.

In that context, the previous ideas about registration on social networks with passport information seems relatively liberal. Most likely this latest initiative from Zheleznyak will not pass the Duma in its current form. Although the opposite scenario is also possible:  for example, access to the web only with the blessing of an authorized representative of the Russian Orthodox Church.

Formally, Zheleznyak’s latest proposal is not anything in particular. It is a proposal to pass “a law mandating that servers on which the personal data of Russia citizens and the official information of government agencies are stored should be placed on the territory of Russia” (the quotation is from RIA Novosti). But like many of his other initiatives, this proposal, if passed, would provide jobs for dozens of IT specialists and lawyers for years to come.

The quotation cited above at first provokes a puzzled question: “Do you mean the official information of Russian Federation government agencies is not kept on Russian servers even now?” If this is secret or simply private government information, then on the face of it, it is the most egregious violation of the principles of security, for which the relevant officials should be brought to trial – there is the statute on state secrets and other laws and also numerous agency instructions.

Now let us address the “personal data of Russian citizens.” The Internet is an international entity, and there is not a great difference (or to be more precise – no difference at all) between the places where territorially the server is located, from the perspective of storage security – under the condition that this data is protected in the proper manner. And if it is poorly protected, then inevitably, American intelligence or Chinese hackers steal it, regardless of where the server is physically located.

Another issue is the jurisdiction. Understandably, the servers physically located, for example, in California, fall under American law, and the intelligence agencies can obtain access to them with a court order. That is precisely why I called the storage of “official information of government agencies” on foreign servers an obvious breach of security. As for the “personal data of Russian citizens,” it is problematic, to put it lightly, to take out from under foreign jurisdiction data that is not in the archives of our government agencies.

The “personal data” referenced by Zheleznyak apparently means millions of Gmail addresses; the most popular Russian blogging service, Live Journal; Russian pages on Facebook; photographs and photo services on Picasa; and videos on YouTube. It is precisely from these services, and not from “the official information of government agencies,” that modern intelligence agencies extract the lion’s share of information about ordinary citizens – and citizens themselves naively post it there.

What law can be passed to protect this information? For this, as a minimum, the national sector of the Internet must be totally isolated from the rest of the World Wide Web and Russians must be prohibited from using foreign services altogether. Obviously, for the latest time, Zheleznyak decided to promote his radical isolationist approach to a field that is in its essence international – and hardly can become different. There is nothing else to see in his intervention. –Yury Revich

The FSB Through the “PRISM” of the CIA

Our intelligence agency also has access to the data kept on Internet company servers, obtaining information through operational and investigative measures.

The scandal provoked by the former National Security Agency employee Edward Snowden has reached even Russia. The Washington Post and other media reported that the NSA has direct access to the servers of nine major Internet companies, including Apple, Facebook, Google, Twitter, and Microsoft. According to Western media, the secret program is named PRISM.

Officials in Washington were forced to confirm that American intelligence agencies in fact do follow Internet users; however, it was emphasized that this is done exclusively for the purposes of national security and that agents have obtained information only about non-citizens of the US and persons who live outside US borders.

On Wednesday, 19 June, in the Council of the Federation of Russia, a meeting of the Commission on Development of the Information Society took place. The head of the Commission, the prominent Senator Ruslan Gattarov, stated that the practically unlimited access of American intelligence agencies to the personal data of social network services and other Internet companies violates the constitutional rights of all countries.

“Russia will not ignore the actions of the USA, which has permitted the leak of personal data of Russian citizens to which the intelligence agencies of this country had access,” said Konstantin Dolgov, Foreign Ministry Commissioner for Human Rights at a meeting of the commission.

Based on the conclusions of the commission meeting, a decision was made to create an inter-agency task force to investigate leaks of personal data from the servers of foreign internet companies to intelligence agencies of the US. Mr. Gattarov told journalists that the task force will be formed by the end of the week, and will include representatives from the Ministry of Communications, the Russian Federal Service for the Supervision of Communications, the Ministry of Economic Development, experts from the Kaspersky Lab, and the Russian Association of Electronic Communications.

During the meeting, the FSB was mentioned repeatedly. Gattarov, for example, believes that if the Internet companies cannot prove the integrity of the personal data of Russians; the Federal Service for Supervision of Communications must issue some sort of warning or levy a fine, and the FSB should inspect them.

Meanwhile, in June in Tushino District Court of Moscow, there was a sensation practically unnoticed by the media, although the scenario was virtually written as if by Edward Snowden. It turns out that Russian intelligence agencies also gain access to personal data and other information stored on the servers of Internet companies.

As Novaya Gazeta has already reported, a trial is underway at Tushino District Court against Pavel Vrublyovsky, the owner of the payments processing company Chronopay. The Internet businessman has been charged with organizing a distributed denial-of-service attack on the electronic ticket sales company of the airline Aeroflot (see Novaya Gazeta, no. 61, 7 June 2013). On 5 June, the court changed the measure of restraint for Vrublyovsky from a signed pledge not to leave town to arrest.

That same day, Federal Judge Natalya Lunina granted the petition of the prosecutor’s office to “seize from technical channels of communication” all of Vrublyovsky’s correspondence on the social network Facebook. The seizure was assigned to the Center for Information Security of the Federal Security Service (FSB). On Tuesday 18 June, the FSB’s Center fulfilled the assignment and submitted the correspondence of the suspect to the court. The document was quite long – 109 pages. In introducing the document, the FSB explained to the court that the servers of Facebook on are US territory and the FSB does not have access to them, but they were able to fulfill the court’s assignment “through conducting operational and investigative actions”.

Pavel Zaitsev, Pavel Vrublyovsky’s lawyer, believes that the FSB has grossly violated legal norms; therefore, the court permitted an exceptional seizure from technical communication channels, that is, an official seizure of document during which a record of the seizure must be made.

“The FSB’s Center for Information Security, in circumvention of international conventions and treaties, unlawfully obtained the necessary information through the help of operational and investigative actions, and hacked the server of the company Facebook in the US, about which they reported in their letter to the Tushino District Court of Moscow, noting that officially, such information could not be obtained otherwise,” Pavel Zaitsev told Novaya Gazeta.

Despite the objections of counsel regarding the unlawfulness of the obtaining of the correspondence, the court attached it to the materials of the case.

This precedent in Tushino District Court tells us that the FSB has the possibility of “taking” information from the servers of social networks outside of Russia – at a minimum, from Facebook’s servers. In that regard, most likely the Chekists (FSB) have even exceeded the CIA, which worked exclusively on its own territory, not infringing on the servers of Odnoklassniki, for example. Irek Murtazin