Russian parliament approves law requiring all internet companies to store data within the country

A new amendment put forward by Russia's Duma and signed into law by Russian president Vladimir Putin may see tech giants like Facebook, Google, and Twitter face a ban from the country unless they comply with new potentially privacy-invading regulations.

The "Information, Information Technologies and Protection of Information" amendment, which modifies Russia's existing anti-terrorism laws, would require any communications concerning a Russian citizen -- including tweets, status updates, and search histories -- to be physically stored within the country for potential use by Russian intelligence and security agencies like the FSB. At current, Russia can't legally access any data from foreign companies without submitting a legal request, which is likely to be denied. This amendment is an attempt to circumvent those regulations, but considering Russia's stored history with personal privacy and data rights, the potential for abuse is strong.

If internet companies don't physically store user data within Russia, they could face being banned from the country entirely -- which means services from companies like Google, Twitter, Facebook, and Microsoft would effectively cease to operate within Russia. Despite a difference in methodology, the potential law isn't far from recent incidents in other countries, like Turkey's sweeping ban of Twitter and Iraq's wide-ranging block of all social networks.

Earlier this year, a similar data retention law intended for the European Union was summarily struck down by the European Court of Justice, although the UK stated their intention to push forward emergency legislation which would invalidate the decision.

Source: CNETImage via Daily Dot

Report a problem with article
Previous Story

Man kicked off Southwest flight after tweeting about rude gate agent

Next Story

Sony agrees to $15m settlement for 2011 PSN attack

35 Comments

Commenting is disabled on this article.

Hello,

This will make it much easier for the Russian government to collect information under its SORM program.

Regards,

Aryeh Goretsky

google, facebook etc. just pull out of these countries.. if i was them i would not fall to any country regardless of a loss in revenue.

Ok. if a person makes a account with neowin and makes comments in the forum, does that mean that they have to have a server in russia?

Xenon said,
Ok. if a person makes a account with neowin and makes comments in the forum, does that mean that they have to have a server in russia?
Yes.
I guess the new Great Chinese Firewall is coming.

COKid said,
Actually, to me this makes a lot of sense. I wish more countries would do it.

How is Neowin going to be able to afford to host a sever in every country in the world? Or even 10% of countries?

No, it doesn't make sense for any business.

COKid said,
Actually, to me this makes a lot of sense. I wish more countries would do it.

This is exactly what I thought.

It makes sense for consumers, but not businesses. Why? Businesses everywhere are going to be blocked, so proxy usage is going to surge and that means privacy will be more freely available for us (plus blocking sites is going to be way easier to get around). On the other hand, businesses are going to lose potential customers that require a proxy to access their websites.

But yeah, the people who made the Internet never planned on laws this crazy being added.

Pluto is a Planet said,
It makes sense for consumers, but not businesses.
How does it make sense for Consumers? They will potentially losing out on access to any international sites that can't afford or don't want to host their data there.

It limits choice, It is the worst thing for consumers.

I don't think its for all websites of the world... Only for those that do business there...
Facebook, Google, Microsoft sell services there, they have Ad Customers etc...
Neowin doesn't do business in Russia... so anyone can access Neowin (and similar sites) and comment on articles without them reqqired to save it in Russia

Ryoken said,
How does it make sense for Consumers? They will potentially losing out on access to any international sites that can't afford or don't want to host their data there.

It limits choice, It is the worst thing for consumers.

Not when there will be proxies available to let you access these websites and get around the law. In reality, these laws will help prevent governments from spying since by using proxies, your location will basically be randomized from the perspective of the website you're trying to access.

visu9211 said,
I don't think its for all websites of the world... Only for those that do business there...
Facebook, Google, Microsoft sell services there, they have Ad Customers etc...
Neowin doesn't do business in Russia... so anyone can access Neowin (and similar sites) and comment on articles without them reqqired to save it in Russia

Neowin sells subscriptions to people who live in Russia.

And Neowin stores private data and private (direct) messages of Russian citizens that the Russian government might want to get at.

So Russian data needs to be hosted in Russia.. Seems like a ploy to sell Russian servers, or get international companies to put information on Russian-controlled servers. I'm feeling theres an ulterior motive behind this. Honestly I hope Facebook and Google ignore this request and get banned

Bigkaye said,
Seems like a ploy to sell Russian servers
Russia has no hardware vendors of its own, so not this idea.

Capy said,
Russia has no hardware vendors of its own, so not this idea.

I could have sworn a few weeks back I read an article about Russia trying to ban Intel/AMD chips from being used in the country, may have just been for government computers though.

Even without the hardware vendors, it would be a great boon to IT in Russia though, lots of new datacenters and DC space would need to be created.

Corey C said,

I could have sworn a few weeks back I read an article about Russia trying to ban Intel/AMD chips from being used in the country, may have just been for government computers though.
Yes. it was so, but according to no production and technology facilities, this would definitely be outsourced to China, get localized tags and then proudly presented as a great technological breakthrough with an insane price increase.

As for datacenters, the Duma has signed a lot of ridiculous laws prohibiting almost everything and the situation is highly politically affected. Keeping the hardware/software in the country is letting it be a potential hostage in case of some insane minister proposes some new crazy law.

So when Brazil does it its for the right to privacy protecting from the evil NSA, but when Russia does it its an attempt to ban and censor the internet.

sidroc said,
So when Brazil does it its for the right to privacy protecting from the evil NSA, but when Russia does it its an attempt to ban and censor the internet.

yup, was surprised by that. there's probably a dual purpose here but the choice of emphasis is interesting. on one hand we hate russia and automatically disprove of everything they do, but on the other hand we also hate the NSA and automatically approve of everything anybody does to thwart them. When it comes into conflict I guess the hate for russia wins out in the current political climate. I remember even a few weeks ago the russian law was framed as an anti-US-surveillance measure.

theyarecomingforyou said,
In other words they're doing exactly the same thing as countries like the UK and US.

At least the Russians are upfront about their complete disregard for civil rights, the West rambles about the importance of civil rights only to throw such values to the wind when they become inconvenient.

*hopes no one pulls out the old "if you've got nothing to hide, you've got nothing to fear" line*

theyarecomingforyou said,
In other words they're doing exactly the same thing as countries like the UK and US.

Do you think that this is a bad thing?

theyarecomingforyou said,
In other words they're doing exactly the same thing as countries like the UK and US.

Didn't know that my data was required by law to be stored in the US.

Enron said,

Didn't know that my data was required by law to be stored in the US.


Required to be stored in the US? No. Required that US feds can access your data no matter where in the world it resides without telling you and without a court case? Yes.

n_K said,

Required to be stored in the US? No. Required that US feds can access your data no matter where in the world it resides without telling you and without a court case? Yes.
You must not understand how the NSA has been spying... They've been spying through warrants they serve to businesses in the US. The biggest companies that you've seen admit they've had requests to access their data (Facebook, Twitter, Microsoft, Google, Apple, etc), are all based in the US.

So as long as the company isn't in the US, the NSA can't get to it.

Pluto is a Planet said,
You must not understand how the NSA has been spying... They've been spying through warrants they serve to businesses in the US. The biggest companies that you've seen admit they've had requests to access their data (Facebook, Twitter, Microsoft, Google, Apple, etc), are all based in the US.

So as long as the company isn't in the US, the NSA can't get to it.


Maybe you should think how data outside the US is encrypted when it goes between server and client.
Here's a huge hint; it's mostly all SSL based. Where do the vast majority of SSL certificates get uploaded, signed and sent to the customer... Would that be, the US? Wouldn't just so happen that VERISIGN (an american) company holds some of the most valuable key SSL certificates would it?
So no, the NSA doesn't need access to your servers to get your data if they want it, they just decode is using the master private SSL certificates when it's transmitted normally.

n_K said,

Maybe you should think how data outside the US is encrypted when it goes between server and client.
Here's a huge hint; it's mostly all SSL based. Where do the vast majority of SSL certificates get uploaded, signed and sent to the customer... Would that be, the US? Wouldn't just so happen that VERISIGN (an american) company holds some of the most valuable key SSL certificates would it?
So no, the NSA doesn't need access to your servers to get your data if they want it, they just decode is using the master private SSL certificates when it's transmitted normally.
If that was the case, why would they ask for warrants lmao?

Pluto is a Planet said,
If that was the case, why would they ask for warrants lmao?

When has the NSA ever asked for a warrant? They haven't. You're thinking of the police.
Do you think they asked angela (german chancellor) if they could spy on her or they just did it...