Russian Law Demanding User Data Remain On Russian Soil Could Turn Into A Ban On Apple Products
from the old-man-rattles-saber-at-cloud dept
The Russian government’s efforts to carve out its own internet continue. It’s never been shy about its interest in accessing (and censoring) internet users’ activity and data, what with its required registration for bloggers, demands for US-based companies to hand over user data and threats to block content stored on foreign servers — and that’s just since the beginning of this year.
A law outlawing the use of offshore servers to store Russian internet users’ data and content goes into effect at the beginning of 2015. That means popular products like Apple’s iPhone and iPad will all be technically violating Russian law with their automatic iCloud syncing.
This legislation can be partially blamed on the actions of Russia’s most famous guest.
As the adoptive home of Edward Snowden, Russia is all too aware that many of its citizens’ communications are stored on servers owned by the scary giants of Silicon Valley. Ultimately, the Kremlin is likely to be worried that cloud services offer the NSA a way to snoop on Russian citizens, state apparatchiks and perhaps even high ranking politicians.
The Russian government isn’t that concerned about its citizens being spied on by foreign agencies. It probably just hates the competition. But even acts of unbridled self-interest (state apparatchiks, high ranking politicians) occasionally result in net gains for the otherwise ignored public.
This ban will affect all US tech companies, but local coverage seems to imply that iPhone users will be the first to feel the results. The law effectively bans Apple’s products unless it switches iCloud services off for Russian users or decides to rent some space on local servers.
This is more Russian government control wearing the outward trappings of NSA backlash. As The Register notes, earlier this year the Russian government demanded Apple and SAP turn over source code, presumably to check it over for surveillance backdoors.
Other countries have announced their intention to purchase network technology and services from non-US companies in the wake of Snowden’s revelations, but much of the noise was there to deflect attention away from their own domestic surveillance programs. But in Russia’s case, its surveillance/control desires lay much closer to the surface, if not out in the open completely. This law doesn’t look much like NSA backlash. It looks like a convenient excuse for government expansion.
Filed Under: cloud, localization, russia, surveillance
Companies: apple
Comments on “Russian Law Demanding User Data Remain On Russian Soil Could Turn Into A Ban On Apple Products”
‘Russia has never been shy about its interest in accessing (and censoring) internet users’ activity and data’
and the difference between Russia, a communist, self-serving country, riddled with surveillance, often chastised for the lack of freedom and privacy of both citizens and businesses, and the USA, the UK, Australia and New Zealand, as well as many other supposed democratic countries is exactly what??
Re: Re:
Russia stopped being communist during the early Nineties when Boris Yeltzin became their president. It’s been an oligarchy since then. Do keep up, comrade.
Re: Re: Re:
One could argue that they were both communist and oligarchic before Gorbatchev and Yeltsin.
Re: Re: Re: Re:
I would say they were both fascist and oligarchic before and after Gorbachev and Yeltsin. Communism was just window dressing.
Re: Re: Re:2 Re:
Communism (or capitalism, for that matter) and fascism are not at all mutually exclusive.
Re: Re:
Russia tends to be more honest about their oppressive policies.
the new arms race
Edward Snowden’s NSA spying revelations caused probably the greatest shakeup to hit the Kremlin since the Hiroshima bomb. Suddenly, the Russian government realized that the American military-industrial complex was far more advanced than their own, and that they had better catch up fast or be left in the dust.
Because, like it or not, the United States sets the world standard. In just about everything, good, bad, … and ugly. And if the US gets away with spying on its own people (in a hundred different ways, no less) then of course that establishes a blueprint for every other country in the world to follow.
And the same way that the US started an arms race in nuclear technology, now the US has started what is sure to be another arms race, this time in digital spying technology. And then, as now, the Russians don’t want to be left behind.
Re: the new arms race
Re: Re: the new arms race
That’s not entirely true. Documents that have been declassified in the past few year indicate that we (the executive branch, anyway) knew full well that Russia was exaggerating.
Yes, I know Putin is Devil Incarnate, and I agree, but I simply can NOT blame countries for doing this. Not after NSA/US gov forced their hands to do this.
And yes I know Putin has other agendas with the data as well. But listen – it’s like this:
Say the US says “we’re against torture and we promote freedom of speech” – you countries X, Y and Z are BAD for doing torture and silencing opponents!
Maybe at least the people in those countries will see a point in US’s vision and demand the same kind of protections in their countries, too. But then US starts DOING torture and silencing critics. What credibility will US have then? ZERO.
Same with the data hosting. Whether Putin, China and others will use this data to crack down on their own citizens is an entirely different matter. But US GAVE THEM A REASON to adopt such laws, by stealing their users’ data THEMSELVES.
So as I said – can’t blame them AT ALL – no matter what they plan to do with the data – that’s an INTERNAL issue and the citizens of that country need to deal with it. But keeping the data internally is their prerogative.
Re: Re:
Fully agreed.
If you are going to lecture other countries on such matters then you must live up to your own hype. The US, UK and various other countries do not and yet still try to lecture. It is nonsense.
Re: Re: Re:
The pragmatic argument for why the US needs to operate in a moral fashion is exactly this: nobody will take your scolding seriously if you are no better.
Re: Re: Re: Re:
Well, the bullying-effect is still there, even if it works best when the hypocricy is on the down low.
Wider Implications?
So what about airlines and other such companies that maintain user preferences and profiles. If a Russian citizen has registered at Lufthansa.com for his seat,meal preferences does that data have to stay within Russia?
“This ban will affect all US tech companies…”
Will it? How exactly does Russia intend to enforce the law against US companies operating on US soil?
Re: Re:
Is So Possible
Re: Re:
From banning those companies from operating in Russia. Apple do still want to sell to Russians you know.
Re: Re:
I’m guessing the same way the US expects to enforce US law on Irish (Microsoft) or NZ (MegaUpload) soils. Seems appropriate, right?
unintended consequences
The US-spearheaded sanctions on Russia are having an unintended consequence: helping domestic (and state-owned) Russian companies compete where they couldn’t before. Maybe a ban on Boeing and Airbus planes will reinvigorate the Russian aircraft industry, which was wiped out by foreign competition.
I wonder if I need to visit Russia to get one of their credit cards that will be immune from US/EU blacklists?
http://rt.com/business/202839-russia-bank-issues-card/
That isn't what it says
Been following the law for a couple of months now and have talked to (but am not myself) lawyers. Short version – the law was poorly written/worded in the first place and domestic and international IT people have been telling them it was unworkable. Here is a good summary of this week’s new information (normal caveats apply, check the source, etc.) http://eng.rkn.gov.ru/news/news29.htm (not my site, but their info matches up with what I’m getting from different sources.
Guys, this is not correct. The Russian law will only become effective in 2016
That’s not a bad idea at all, actually. One of the most fundamental laws of cryptography and information security, Kerckhoff’s Principle, essentially states that you can’t trust any product to be secure if you can’t analyze the system. For software, that means getting the source.
Re: Re:
I agree with this in principle, but in practice it’s hard to see how it works. There would still have to be some mechanism that would allow you to be sure that the binaries you’re running were actually from the source code that you reviewed.
Asking to look at the source code doesn’t get you very much unless you also get to build it yourself and use that build.
Re: Re: Re:
And if you have the source, what’s stopping you from doing exactly that?
Re: Re: Re: Re:
Two things: the build system itself and the legal right.
What Russia very likely demanded and got is probably the same thing the the US government gets from the company that I work for: the ability to review the source code in controlled circumstances under observation, but not actual possession and control of the code. This is usually how these things are done.
Re: Re: Re:
Don’t forget about the compiler. Can you really trust it to compile your sources correctly? Did you compile the compiler yourself? And what did you use to compile the compiler?
Re: Re: Re: Re:
You’re correct, of course. Let’s not forget the famous Thompson login hack and the compiler modification that ensured it couldn’t be removed by recompilation: http://cm.bell-labs.com/who/ken/trust.html
It’s turtles all the way down. This is another reason why source code examination is insufficient if what you want is 100% assurance. However, if what you want is 100% assurance of anything, then you’re seeking the impossible.
From a security point of view, it is advisable to assume that all software and hardware is compromised and to put into place multiple layers of anomaly checking to make it as difficult as possible for hacks to go undetected if they’re used. You can’t get 100% security, but usually getting 99.9% is good enough.
It could leave a fag a ciarette choice in health.
And so the fragmentation of the web begins…
quis compiles ipsos compilers? or something
After the Snowden revelations
I’d trust my cloud data in Russian servers before I’d trust Apple, Google and Microsoft. Russia never claimed it was the bastion of freedom like the US has. Besides, I’d bet that there isn’t anyone in Russia who would know and/or care who I am anyway.
We should refer to Intelligence Agency officials as Apparatchiks, too.
No point
Sorry, Russia, there’s no point in keeping the data on your soil. NSA already has taps in all your servers.
Re: No point
Why don’t they just hack NSA? All the data they need and with a nice bow tie of a program to search it.
Re: Re: No point
I think the odds are excellent that they have (or have done the functional equivalent of it — such as having informants on the inside). but that doesn’t address the problem they’re worried about: they’re worried about counterintelligence — stopping adversaries from spying on them. hacking into NSA databases doesn’t address that.
Historically, the major nations have all so thoroughly infiltrated each other that they effectively have no secrets from each other anyway. Even that biggest of US secrets (that we know of) such as the development of nuclear weapons, spy satellites, etc,. were well known to the Soviets all along. And we knew theirs as well.
But that doesn’t stop every nation from trying to prevent that eventuality!
Remember also that the main purpose of governmental secrecy is not as much to prevent its enemies from learning the secrets (since they probably already know anyhow) as it is to prevent the citizens from learning them.
Re: Re: Re: No point
“Historically, the major nations have all so thoroughly infiltrated each other that they effectively have no secrets from each other anyway.”
If that were true, then the Iraq invasion would never have happened, because the US government would then have known the truth about the (phantom) nuclear, chemical, and biological weapon stockpiles that Iraq was supposedly amassing, as well as Iraq’s (non-existent) partnership with Al Quaide and (equally non-existent) plans to launch those weapons against the United States and therefore exterminate the population.
Bush Jr. was interviewed today promoting his new book, and once again on the subject of Iraq, he says he regrets nothing. Not even regretting the abysmal lack of intelligence — both within the Pentagon and between his ears.
Re: Re: Re:2 No point
“the US government would then have known the truth about the (phantom) nuclear, chemical, and biological weapon stockpiles that Iraq was supposedly amassing”
I think they did know.