If a Russian citizen sends an SMS message, his or her telecommunications provider will keep a copy of that message for six months. And the metadata — who texted who when, and from what device — will be on file for three years. And any service that offers encrypted communications needs to help the police unscramble messages, or face a $15,000 fine.
All that and more is wrapped in a piece of legislation passed by the State Duma, which is the lower house of the Russian legislature, Ars Technica is reporting. Now it needs to pass the Federation Council, the upper house of the legislation, before being passed by President Vladimir Putin.
At least one Russian resident, NSA leaker Edward Snowden, is speaking out.
Mass surveillance doesn't work. This bill will take money and liberty from every Russian without improving safety. It should not be signed.
— Edward Snowden (@Snowden) June 25, 2016
Snowden added that, in addition to encroaching on privacy, the measures are impractical, and require a massive buildup of storage capacity by telecommunications companies.
Three such companies, MTS, Megafon and Vimpelcom, agree, and have publicly rejected the proposal as impractical, going so far as to say it’s financially impossible to implement.
And the encryption measures aren’t likely to be effective, either. Any online service, from messenger apps to websites, has to help the Federal Security Service decipher messages sent by its users. But there are plenty of ways to send encrypted messages without involving third parties, as we’re sure many Russian cyber-criminals are aware. The law puts a great deal of burden on sites that offer users security without much of a law enforcement payoff.
Of course, this isn’t a uniquely Russian issue. The US government has flirted with banning encryption at times, and the FBI tried to force Apple to decrypted an iPhone not so long ago. But it’s disturbing to see digital rights encroached anywhere.
- Encryption-busting law passed in Australia may have global privacy implications
- Latest SMS breach could allow hackers access to your online accounts
- What is RCS messaging? Here’s all you need to know about the successor to SMS
- Smishing sounds funny, but it’s a serious threat to your phone’s security
- Quora hit by data breach affecting around 100 million users