Russian Law Demanding User Data Remain On Russian Soil Could Turn Into A Ban On Apple Products

from the old-man-rattles-saber-at-cloud dept

The Russian government's efforts to carve out its own internet continue. It's never been shy about its interest in accessing (and censoring) internet users' activity and data, what with its required registration for bloggers, demands for US-based companies to hand over user data and threats to block content stored on foreign servers -- and that's just since the beginning of this year.

A law outlawing the use of offshore servers to store Russian internet users' data and content goes into effect at the beginning of 2015. That means popular products like Apple's iPhone and iPad will all be technically violating Russian law with their automatic iCloud syncing.

This legislation can be partially blamed on the actions of Russia's most famous guest.

As the adoptive home of Edward Snowden, Russia is all too aware that many of its citizens' communications are stored on servers owned by the scary giants of Silicon Valley. Ultimately, the Kremlin is likely to be worried that cloud services offer the NSA a way to snoop on Russian citizens, state apparatchiks and perhaps even high ranking politicians.
The Russian government isn't that concerned about its citizens being spied on by foreign agencies. It probably just hates the competition. But even acts of unbridled self-interest (state apparatchiks, high ranking politicians) occasionally result in net gains for the otherwise ignored public.

This ban will affect all US tech companies, but local coverage seems to imply that iPhone users will be the first to feel the results. The law effectively bans Apple's products unless it switches iCloud services off for Russian users or decides to rent some space on local servers.

This is more Russian government control wearing the outward trappings of NSA backlash. As The Register notes, earlier this year the Russian government demanded Apple and SAP turn over source code, presumably to check it over for surveillance backdoors.

Other countries have announced their intention to purchase network technology and services from non-US companies in the wake of Snowden's revelations, but much of the noise was there to deflect attention away from their own domestic surveillance programs. But in Russia's case, its surveillance/control desires lay much closer to the surface, if not out in the open completely. This law doesn't look much like NSA backlash. It looks like a convenient excuse for government expansion.

Filed Under: cloud, localization, russia, surveillance
Companies: apple


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 7 Nov 2014 @ 7:02am

    'Russia has never been shy about its interest in accessing (and censoring) internet users' activity and data'

    and the difference between Russia, a communist, self-serving country, riddled with surveillance, often chastised for the lack of freedom and privacy of both citizens and businesses, and the USA, the UK, Australia and New Zealand, as well as many other supposed democratic countries is exactly what??

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Nov 2014 @ 7:10am

    the new arms race

    Edward Snowden's NSA spying revelations caused probably the greatest shakeup to hit the Kremlin since the Hiroshima bomb. Suddenly, the Russian government realized that the American military-industrial complex was far more advanced than their own, and that they had better catch up fast or be left in the dust.

    Because, like it or not, the United States sets the world standard. In just about everything, good, bad, ... and ugly. And if the US gets away with spying on its own people (in a hundred different ways, no less) then of course that establishes a blueprint for every other country in the world to follow.

    And the same way that the US started an arms race in nuclear technology, now the US has started what is sure to be another arms race, this time in digital spying technology. And then, as now, the Russians don't want to be left behind.

    reply to this | link to this | view in chronology ]

    • identicon
      JEDIDIAH, 7 Nov 2014 @ 7:28am

      Re: the new arms race

      > And the same way that the US started an arms race in nuclear technology,

      No. That was Kruschev blustering about missile production he didn't have. We took him at his word because at the time we didn't have the spy tech to contradict him.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 7 Nov 2014 @ 7:52am

        Re: Re: the new arms race

        That's not entirely true. Documents that have been declassified in the past few year indicate that we (the executive branch, anyway) knew full well that Russia was exaggerating.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Nov 2014 @ 7:33am

    Yes, I know Putin is Devil Incarnate, and I agree, but I simply can NOT blame countries for doing this. Not after NSA/US gov forced their hands to do this.

    And yes I know Putin has other agendas with the data as well. But listen - it's like this:

    Say the US says "we're against torture and we promote freedom of speech" - you countries X, Y and Z are BAD for doing torture and silencing opponents!

    Maybe at least the people in those countries will see a point in US's vision and demand the same kind of protections in their countries, too. But then US starts DOING torture and silencing critics. What credibility will US have then? ZERO.

    Same with the data hosting. Whether Putin, China and others will use this data to crack down on their own citizens is an entirely different matter. But US GAVE THEM A REASON to adopt such laws, by stealing their users' data THEMSELVES.

    So as I said - can't blame them AT ALL - no matter what they plan to do with the data - that's an INTERNAL issue and the citizens of that country need to deal with it. But keeping the data internally is their prerogative.

    reply to this | link to this | view in chronology ]

    • identicon
      Call me Al, 7 Nov 2014 @ 8:48am

      Re:

      Fully agreed.

      If you are going to lecture other countries on such matters then you must live up to your own hype. The US, UK and various other countries do not and yet still try to lecture. It is nonsense.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 7 Nov 2014 @ 8:50am

        Re: Re:

        The pragmatic argument for why the US needs to operate in a moral fashion is exactly this: nobody will take your scolding seriously if you are no better.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Nov 2014 @ 8:13am

    Wider Implications?

    So what about airlines and other such companies that maintain user preferences and profiles. If a Russian citizen has registered at Lufthansa.com for his seat,meal preferences does that data have to stay within Russia?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Nov 2014 @ 8:21am

    "This ban will affect all US tech companies..."

    Will it? How exactly does Russia intend to enforce the law against US companies operating on US soil?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Nov 2014 @ 8:31am

    unintended consequences

    The US-spearheaded sanctions on Russia are having an unintended consequence: helping domestic (and state-owned) Russian companies compete where they couldn't before. Maybe a ban on Boeing and Airbus planes will reinvigorate the Russian aircraft industry, which was wiped out by foreign competition.

    I wonder if I need to visit Russia to get one of their credit cards that will be immune from US/EU blacklists?

    http://rt.com/business/202839-russia-bank-issues-card/

    reply to this | link to this | view in chronology ]

  • icon
    JustMe (profile), 7 Nov 2014 @ 9:11am

    That isn't what it says

    Been following the law for a couple of months now and have talked to (but am not myself) lawyers. Short version - the law was poorly written/worded in the first place and domestic and international IT people have been telling them it was unworkable. Here is a good summary of this week's new information (normal caveats apply, check the source, etc.) http://eng.rkn.gov.ru/news/news29.htm (not my site, but their info matches up with what I'm getting from different sources.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Nov 2014 @ 9:52am

    Guys, this is not correct. The Russian law will only become effective in 2016

    reply to this | link to this | view in chronology ]

  • icon
    Mason Wheeler (profile), 7 Nov 2014 @ 10:51am

    As The Register notes, earlier this year the Russian government demanded Apple and SAP turn over source code, presumably to check it over for surveillance backdoors.

    That's not a bad idea at all, actually. One of the most fundamental laws of cryptography and information security, Kerckhoff's Principle, essentially states that you can't trust any product to be secure if you can't analyze the system. For software, that means getting the source.

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 7 Nov 2014 @ 12:15pm

      Re:

      I agree with this in principle, but in practice it's hard to see how it works. There would still have to be some mechanism that would allow you to be sure that the binaries you're running were actually from the source code that you reviewed.
      Asking to look at the source code doesn't get you very much unless you also get to build it yourself and use that build.

      reply to this | link to this | view in chronology ]

      • icon
        Mason Wheeler (profile), 7 Nov 2014 @ 1:08pm

        Re: Re:

        And if you have the source, what's stopping you from doing exactly that?

        reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 8 Nov 2014 @ 8:33am

          Re: Re: Re:

          Two things: the build system itself and the legal right.

          What Russia very likely demanded and got is probably the same thing the the US government gets from the company that I work for: the ability to review the source code in controlled circumstances under observation, but not actual possession and control of the code. This is usually how these things are done.

          reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 7 Nov 2014 @ 2:46pm

        Re: Re:

        Don't forget about the compiler. Can you really trust it to compile your sources correctly? Did you compile the compiler yourself? And what did you use to compile the compiler?

        reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 8 Nov 2014 @ 8:40am

          Re: Re: Re:

          You're correct, of course. Let's not forget the famous Thompson login hack and the compiler modification that ensured it couldn't be removed by recompilation: http://cm.bell-labs.com/who/ken/trust.html

          It's turtles all the way down. This is another reason why source code examination is insufficient if what you want is 100% assurance. However, if what you want is 100% assurance of anything, then you're seeking the impossible.

          From a security point of view, it is advisable to assume that all software and hardware is compromised and to put into place multiple layers of anomaly checking to make it as difficult as possible for hacks to go undetected if they're used. You can't get 100% security, but usually getting 99.9% is good enough.

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Nov 2014 @ 11:34am

    It could leave a fag a ciarette choice in health.

    reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 7 Nov 2014 @ 2:28pm

    And so the fragmentation of the web begins...

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Nov 2014 @ 3:15pm

    quis compiles ipsos compilers? or something

    reply to this | link to this | view in chronology ]

  • identicon
    Ismail, 7 Nov 2014 @ 5:49pm

    After the Snowden revelations

    I'd trust my cloud data in Russian servers before I'd trust Apple, Google and Microsoft. Russia never claimed it was the bastion of freedom like the US has. Besides, I'd bet that there isn't anyone in Russia who would know and/or care who I am anyway.

    reply to this | link to this | view in chronology ]

  • identicon
    Dianna Fienstein, 7 Nov 2014 @ 9:13pm

    We should refer to Intelligence Agency officials as Apparatchiks, too.

    reply to this | link to this | view in chronology ]

  • icon
    Coyne Tibbets (profile), 7 Nov 2014 @ 10:57pm

    No point

    Sorry, Russia, there's no point in keeping the data on your soil. NSA already has taps in all your servers.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Nov 2014 @ 11:12am

      Re: No point

      Why don't they just hack NSA? All the data they need and with a nice bow tie of a program to search it.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 8 Nov 2014 @ 11:40am

        Re: Re: No point

        I think the odds are excellent that they have (or have done the functional equivalent of it -- such as having informants on the inside). but that doesn't address the problem they're worried about: they're worried about counterintelligence -- stopping adversaries from spying on them. hacking into NSA databases doesn't address that.

        Historically, the major nations have all so thoroughly infiltrated each other that they effectively have no secrets from each other anyway. Even that biggest of US secrets (that we know of) such as the development of nuclear weapons, spy satellites, etc,. were well known to the Soviets all along. And we knew theirs as well.

        But that doesn't stop every nation from trying to prevent that eventuality!

        Remember also that the main purpose of governmental secrecy is not as much to prevent its enemies from learning the secrets (since they probably already know anyhow) as it is to prevent the citizens from learning them.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 9 Nov 2014 @ 10:29pm

          Re: Re: Re: No point

          "Historically, the major nations have all so thoroughly infiltrated each other that they effectively have no secrets from each other anyway."

          If that were true, then the Iraq invasion would never have happened, because the US government would then have known the truth about the (phantom) nuclear, chemical, and biological weapon stockpiles that Iraq was supposedly amassing, as well as Iraq's (non-existent) partnership with Al Quaide and (equally non-existent) plans to launch those weapons against the United States and therefore exterminate the population.

          Bush Jr. was interviewed today promoting his new book, and once again on the subject of Iraq, he says he regrets nothing. Not even regretting the abysmal lack of intelligence -- both within the Pentagon and between his ears.

          reply to this | link to this | view in chronology ]

          • icon
            John Fenderson (profile), 10 Nov 2014 @ 7:56am

            Re: Re: Re: Re: No point

            "the US government would then have known the truth about the (phantom) nuclear, chemical, and biological weapon stockpiles that Iraq was supposedly amassing"

            I think they did know.

            reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.