Russia begins collecting encryption keys while internet companies, like Facebook, stay silent
So far, WhatsApp, Viber, and Telegram haven’t said a public word.
The FSB announced the capability on its website but the actual order, which would detail the process, was not made public.
One month ago, Russia passed a sweeping surveillance bill requiring encryption backdoor access for the state, among other expansive new spying rules. The legislation specifically pointed out apps like WhatsApp (which is owned by Facebook), Viber, and Telegram. Noncompliance can result in a fine of 1 million rubles—or $15,000—but it’s not clear how frequently that punishment can be levied.
WhatsApp, Viber, and Telegram representatives have repeatedly declined to comment on the new backdoor law in Russia.
Russia’s new surveillance reality is one of the most extreme moves in a global debate over encryption, privacy, and surveillance. What makes it even more incredible is the utter lack of transparency from the Russian government and businesses in the country.
“It’s important, but we don’t know what FSB actually suggested yet,” Anton Nesterov, a Russian technologist, explained to the Daily Dot in an email.
Actually, no one seems to know what this new law means in the slightest. Or, more accurately, the people who do know are keeping mum.
To illustrate just how much we don’t know, Nesterov has a long list of technical and legal questions he wants answered on the law:
In a way that it’s written in the law, it’s a disaster, and brings a lot of questions. Should SSL keys be shared? Ok, we can share SSL keys, but what about PFS?
Should it never be enabled, or we should patch openssl to keep track on session keys and then send billions of them to FSB? What about payment systems? I’m not sure if it’s allowed by Visa/MasterCard rules to share encryption keys with a third party.
How can leaks be prevented? Passing keys allows authorities not only to decode transmitted everyone’s information, including people who wasn’t original target [sic], but also to perform active attacks, which can be a major problem.
Should we share keys at request or at the time we started using it? What’s kind of transmitted data covered by this law? All kinds of data? Should we also share SSH keys, giving direct access to servers? Should we share VPN keys used by companies to connect to their internal networks?
These are the questions which should be answered by FSB decree, it’s internal documents and practice.
The one organization that did provide comment on this situation struck a defiant tone. Tor, the American-based and funded anonymity network, is decentralized around the globe.
“We encourage people to try anonymous, decentralized services based on Tor, like OnionShare to share files, or Ricochet for instant messaging,” Tor representative Kate Krauss told the Daily Dot after the law was passed. “There is no data to retain and no central server to hack. Both are super easy to use and have a lot of fans.”
The new “anti-terrorism” legislation was signed into law earlier this month by Putin.
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.