- How to stream Liverpool vs. Chelsea Friday 6:45 PM
- How to stream Real Madrid vs. Sevilla Friday 6:35 PM
- How to stream Peter ‘Kid Chocolate’ Quillin vs. Alfredo Angulo Friday 5:16 PM
- How to stream Barcelona vs. Granada Friday 4:50 PM
- ‘Atlantics’ tells a ghost story steeped with emotion and realism Friday 4:16 PM
- ‘Jojo Rabbit’ is a sweet, singular movie that loses its grip on satire Friday 3:40 PM
- Jordan Peterson is in rehab for Klonopin addiction Friday 3:34 PM
- The cat-worshipping turkey cult video, explained Friday 3:22 PM
- Despite legal threats and drama, the Area 51 desert event is on Friday 3:05 PM
- How to stream Yair Rodriguez vs. Jeremy Stephens on UFC Fight Night Friday 3:00 PM
- Twitter just launched its ‘Hide Replies’ feature Friday 1:59 PM
- How to turn off image metadata before it snitches on you Friday 1:36 PM
- The ‘Breaking Bad’ movie is coming to theaters—for one weekend only Friday 1:04 PM
- Teens recorded, shared videos of mall fight that ended in fatal stabbing Friday 12:44 PM
- How to stream Giants vs. Buccaneers in Week 3 Friday 12:31 PM
The FSB announced the capability on its website but the actual order, which would detail the process, was not made public.
One month ago, Russia passed a sweeping surveillance bill requiring encryption backdoor access for the state, among other expansive new spying rules. The legislation specifically pointed out apps like WhatsApp (which is owned by Facebook), Viber, and Telegram. Noncompliance can result in a fine of 1 million rubles—or $15,000—but it’s not clear how frequently that punishment can be levied.
WhatsApp, Viber, and Telegram representatives have repeatedly declined to comment on the new backdoor law in Russia.
Russia’s new surveillance reality is one of the most extreme moves in a global debate over encryption, privacy, and surveillance. What makes it even more incredible is the utter lack of transparency from the Russian government and businesses in the country.
“It’s important, but we don’t know what FSB actually suggested yet,” Anton Nesterov, a Russian technologist, explained to the Daily Dot in an email.
Actually, no one seems to know what this new law means in the slightest. Or, more accurately, the people who do know are keeping mum.
To illustrate just how much we don’t know, Nesterov has a long list of technical and legal questions he wants answered on the law:
In a way that it’s written in the law, it’s a disaster, and brings a lot of questions. Should SSL keys be shared? Ok, we can share SSL keys, but what about PFS?
Should it never be enabled, or we should patch openssl to keep track on session keys and then send billions of them to FSB? What about payment systems? I’m not sure if it’s allowed by Visa/MasterCard rules to share encryption keys with a third party.
How can leaks be prevented? Passing keys allows authorities not only to decode transmitted everyone’s information, including people who wasn’t original target [sic], but also to perform active attacks, which can be a major problem.
Should we share keys at request or at the time we started using it? What’s kind of transmitted data covered by this law? All kinds of data? Should we also share SSH keys, giving direct access to servers? Should we share VPN keys used by companies to connect to their internal networks?
These are the questions which should be answered by FSB decree, it’s internal documents and practice.
The one organization that did provide comment on this situation struck a defiant tone. Tor, the American-based and funded anonymity network, is decentralized around the globe.
“We encourage people to try anonymous, decentralized services based on
Tor, like OnionShare to share files, or Ricochet for instant messaging,” Tor representative Kate Krauss told the Daily Dot after the law was passed. “There is no data to retain and no central server to hack. Both are super easy to use and have a lot of fans.”
The new “anti-terrorism” legislation was signed into law earlier this month by Putin.
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.