Russia Orders LinkedIn's Service To Be Blocked, Supposedly For Failing To Store Personal Data Locally

from the think-globally,-act-locally dept

Techdirt has written plenty of stories about Vladimir Putin's increasingly harsh clampdown on Internet freedom. But, like China, Russia is still coming up with new ways to tighten its control. One is the legal requirement that the personal data of Russian citizens must be stored on Russian soil. Now, a US company has fallen afoul of that 2015 law:

Russia's communications regulator [Roskomnadzor] ordered public access to LinkedIn's website to be blocked today (17 November) to comply with a court ruling that found the social networking firm guilty of violating data storage laws.
According to the EurActiv story, the ban is being put in place immediately:
LinkedIn's site will be blocked within 24 hours, the Interfax news agency cited Roskomnadzor spokesman Vadim Ampelonsky as saying. One internet service provider, Rostelcom, said it had already blocked access to the site.
What's curious is that LinkedIn is not the only US company to have flouted Russia's data localization law: both Google and Facebook have also ignored it. A post on NBC News suggests the following is the reason for that discrepancy:
A spokesman for the [Roskomnadzor] watchdog had earlier said that LinkedIn was punished for alleged leaks of user data, Russian media reported.

Information about 120 million LinkedIn user accounts was stolen in 2012, the attack reportedly blamed on Russian hackers.
Irrespective of the messy details of the LinkedIn case, requirements that personal data must be stored locally are likely to become an increasingly hot topic. Already, the EU is unwilling to finalize the Trade in Services Agreement (TISA) in part because of US demands that it should include unrestrained data flows -- something that could be illegal under EU privacy laws if applied to personal information.

With the person who will soon run the CIA keen on expanded government spying powers, it is almost certain that the current Privacy Shield framework, which allows the personal data of EU citizens to be sent to the US, will be struck down by the Court of Justice of the European Union. If that happens, the only way companies like Google, Facebook -- and LinkedIn -- would be able to operate in the EU would be to store their data on the continent. If they fail to comply, they won't be blocked, as in Russia, but they could be hit with a fine of up to 4% of their global turnover.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Vikarti Anatra (profile), 21 Nov 2016 @ 4:10am

    It's arleady blocked several days ago.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Nov 2016 @ 4:26am

    Easy to comply...

    It's easy to comply: store the data encrypted in Russia, have the operations done in California. Then get some auditors to verify your setup.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 21 Nov 2016 @ 5:18am

      Re: Easy to comply...

      Unfortunately that wouldn't necessarily solve the problem that's the stated purpose of such laws: Keeping the USG's hands off of the data of foreign people. Remember that the USG has argued in court that if any part of a company is located in the US then it can be ordered to provide data located in different countries, so long as it's under the same 'parent' company.

      So sure the data may be stored in Russia, but that wouldn't prevent the USG from demanding that the US-based part of the company provide it if such was demanded via court order.

      reply to this | link to this | view in chronology ]

      • icon
        Ninja (profile), 21 Nov 2016 @ 5:41am

        Re: Re: Easy to comply...

        It would actually solve the problem since the data is stored locally as the law demands. However, this would only spawn new laws to deal with the encryption parts.

        That the US has shot themselves in the foot repeatedly with the illegal mass surveillance is another story. The Kremlin (and many others, including those within the EU) are just using this as an excuse for greater control and surveillance on their own citizenry. So basically the US has done more harm to freedom than any other country could have.

        reply to this | link to this | view in chronology ]

  • icon
    Richard M (profile), 21 Nov 2016 @ 4:40am

    I hate to sound pro Russian but....

    You can not really blame Russia, the EU, and other countries from not wanting all the info on their citizens stored in the US.

    Even ignoring the getting hacked aspect of the situation the US Govt has shown that it does not care about privacy at all and is more than willing to scoop up any and all information within reach regardless of what any law or the Constitution says.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 21 Nov 2016 @ 5:13am

      Re: I hate to sound pro Russian but....

      I don't see it as blame so much as 'This is a hassle for companies and can create problems. What would have taken one database for people from any country now requires one per country, located in that country, increasing costs to the point that it might not even be viable to offer service there.'

      Not wanting the USG to have easy access after they've made it clear that they are absolutely not to be trusted with such makes perfect sense to be sure(though it's important to remember that the countries involved tend to be just as bad), but it does make things difficult for the companies to comply, potentially preventing services that might have otherwise existed.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 Nov 2016 @ 5:20am

        Re: Re: I hate to sound pro Russian but....

        Storing locally only solves part of the problem, as a full copy of the database on US soil, or simply copying straight to Bluffdale renders such laws moot.
        How long before some countries simply ban US companies from operating within their jurisdiction.

        reply to this | link to this | view in chronology ]

        • icon
          That One Guy (profile), 21 Nov 2016 @ 5:35am

          Re: Re: Re: I hate to sound pro Russian but....

          Quite possible, between politicians trying to demonize and destroy encryption and the spy agencies grabbing everything they can get their hands on with no restraint, they certainly seem to be doing everything they can to undermine and destroy the US tech sector and drive any such developments and companies overseas into other countries.

          reply to this | link to this | view in chronology ]

        • icon
          That One Guy (profile), 21 Nov 2016 @ 5:37am

          Re: Re: Re: I hate to sound pro Russian but....

          Bah, and of course I think of the perfect header for that comment immediately after I click submit...

          'We must destroy the US tech sector in order to protect it from those in other countries that would seek to destroy it'

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 21 Nov 2016 @ 7:11am

            Re: Re: Re: Re: I hate to sound pro Russian but....

            > 'We must destroy the US tech sector in order to protect it from those in other countries that would seek to destroy it'

            'Sometimes you must destroy a village in order to save it'.

            reply to this | link to this | view in chronology ]

      • icon
        crade (profile), 21 Nov 2016 @ 11:58am

        Re: Re: I hate to sound pro Russian but....

        I think proper the solution to this problem is to establish a minimum international privacy standard, then change the wording of your laws from "data stored [transferred, etc, etc] locally" to "data stored [transferred, etc, etc] in locations adhering to these minimum privacy standards.

        This would remove any protectionism and still accomplish the goal of ensuring citizens privacy.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Nov 2016 @ 5:59am

    I don't see a problem here

    The US, and much of Europe too, has shown a great propensity to mine every piece of data everywhere. So any one country distrusting the rest is to be expected. Governments of the "free world" are to blame and yet somehow expected to "fix" the problem. The problem they created.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Nov 2016 @ 6:45am

    LinkedIn broke Russian computer laws?

    Considering that the US expects other countries to extradite their citizens to the US for breaking US computer laws, I wonder if the US would extradite a US citizen to Russia for breaking Russian computer laws.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Nov 2016 @ 10:46am

    Regardless of the thought process behind Russia's moves, the writing is on the wall about data storage in the future. It's also not just the US engaging in heavy handed practices and sweeping mass snooping. Other European powers are enacting similar rules for domestic and international spying as well. The UK recently passed an incredibly intrusive spy bill. The French have been engaging in domestic spying for years already. You're going to see arguments on both sides of the fences, pro-surveillance and pro-privacy, proposing and enacting laws to keep citizen data local and under local jurisdiction both to enable local oversight for whatever reason and to ostensibly hinder international interference.

    reply to this | link to this | view in chronology ]

  • icon
    DSchneider (profile), 21 Nov 2016 @ 11:51am

    Local Copy

    Information about 120 million LinkedIn user accounts was stolen in 2012, the attack reportedly blamed on Russian hackers.

    So what you're saying is the data IS already stored locally, they just want an updated copy.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Nov 2016 @ 12:16pm

    (We seem to have similar concerns, so I'm pinning my own comment to yours, fellow Coward.)

    Not to detract from the details noted in this article, which I find interesting, I consider the bigger story here to be the forces driving data localization requirements---what exactly are they? I suspect the driving forces are unlikely to dissipate any time soon, so it is important to understand them well.

    While in search of that understanding, it would be unfortunate to allow the narrative to be entirely hijacked or diverted by nationalistic propaganda (in its many variants, American, Russian, Chinese, etc), or partially masked by considering only the interests of huge service providers (Microsoft, Google, Facebook, etc).

    Can peer-to-peer networks provide solutions consistent with these predictable localization requirements? Is my suspicion correct, that the Big-Boy interests noted above might be hostile to any that might arise?

    Just wondering.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Nov 2016 @ 6:18pm

    Microsoft has resisted this in court ,the doj says it should be able to acess email stored in servers in
    microsofts irish headquarters .
    IS it not reasonable for the eu to ask that an person in the eu should have data stored on a eu server ,
    that is not easily acessed by the nsa or other american government employees .
    I,m sure facebook can afford to build servers in the eu.
    it,s an accident of history that most big tech companys
    are us based .

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Nov 2016 @ 12:09am

    The DOJ will reap what it has sown. Hell, even my DNS server is located out of country. I use tor and a VPN on most occasions but do have a few dead social site accounts. If you want to take me out Mr. President your predator drone won't be able to find my phone signal, maybe use AWACS or a satellite, or possibly your mob connections, I will make you earn it. When all is said and done the internet will become obsolete. Thanks.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.