- ‘The Mandalorian’ opens up its mythology even further in ‘Chapter 2’ 3 Years Ago
- Want to buy a drone on a budget? We’ve got you covered 3 Years Ago
- ‘Simpsons’ writer accuses Republicans of stealing Sideshow Bob’s defense 3 Years Ago
- Keanu Reeves’ appearance in ‘SpongeBob Movie’ trailer quickly becomes a meme 3 Years Ago
- Charli XCX makes the band in Netflix’s ‘Nasty Cherry’ 3 Years Ago
- Taylor Swift’s distress call reignites fight with Scooter Braun and former label 3 Years Ago
- How to disable autoplay for previews and trailers on Disney+ Today 12:10 PM
- Trump accused of witness intimidation for tweets during impeachment hearing Today 11:48 AM
- Roger Stone convicted Today 11:34 AM
- FCC to replace comment system that got spammed during net neutrality fight Today 11:31 AM
- How to stream Mexico vs. Panama live in Concacaf Nations League Today 11:05 AM
- How to stream U.S. vs. Canada live in the Concacaf Nations League rematch Today 10:52 AM
- Dave Rubin freaks out over hoax that he didn’t eat this steak Today 10:37 AM
- 20 ugly sweaters that’ll make your spirits bright Today 10:32 AM
- A beginner’s guide to Mandalorians in the ‘Star Wars’ universe Today 10:02 AM
The FSB announced the capability on its website but the actual order, which would detail the process, was not made public.
One month ago, Russia passed a sweeping surveillance bill requiring encryption backdoor access for the state, among other expansive new spying rules. The legislation specifically pointed out apps like WhatsApp (which is owned by Facebook), Viber, and Telegram. Noncompliance can result in a fine of 1 million rubles—or $15,000—but it’s not clear how frequently that punishment can be levied.
WhatsApp, Viber, and Telegram representatives have repeatedly declined to comment on the new backdoor law in Russia.
Russia’s new surveillance reality is one of the most extreme moves in a global debate over encryption, privacy, and surveillance. What makes it even more incredible is the utter lack of transparency from the Russian government and businesses in the country.
“It’s important, but we don’t know what FSB actually suggested yet,” Anton Nesterov, a Russian technologist, explained to the Daily Dot in an email.
Actually, no one seems to know what this new law means in the slightest. Or, more accurately, the people who do know are keeping mum.
To illustrate just how much we don’t know, Nesterov has a long list of technical and legal questions he wants answered on the law:
In a way that it’s written in the law, it’s a disaster, and brings a lot of questions. Should SSL keys be shared? Ok, we can share SSL keys, but what about PFS?
Should it never be enabled, or we should patch openssl to keep track on session keys and then send billions of them to FSB? What about payment systems? I’m not sure if it’s allowed by Visa/MasterCard rules to share encryption keys with a third party.
How can leaks be prevented? Passing keys allows authorities not only to decode transmitted everyone’s information, including people who wasn’t original target [sic], but also to perform active attacks, which can be a major problem.
Should we share keys at request or at the time we started using it? What’s kind of transmitted data covered by this law? All kinds of data? Should we also share SSH keys, giving direct access to servers? Should we share VPN keys used by companies to connect to their internal networks?
These are the questions which should be answered by FSB decree, it’s internal documents and practice.
The one organization that did provide comment on this situation struck a defiant tone. Tor, the American-based and funded anonymity network, is decentralized around the globe.
“We encourage people to try anonymous, decentralized services based on
Tor, like OnionShare to share files, or Ricochet for instant messaging,” Tor representative Kate Krauss told the Daily Dot after the law was passed. “There is no data to retain and no central server to hack. Both are super easy to use and have a lot of fans.”
The new “anti-terrorism” legislation was signed into law earlier this month by Putin.
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.