Forgot your password?
typodupeerror
The Internet Cloud Privacy Your Rights Online

New Russian Law To Forbid Storing Russians' Data Outside the Country 206

Posted by timothy
from the just-one-small-restriction dept.
TechWeek Europe reports that on Friday Russia's parliament passed a law "which bans online businesses from storing personal data of Russian citizens on servers located abroad[.] ... According to ITAR-TAAS, the changes to existing legislation will come into effect in September 2016, and apply to email services, social networks and search engines, including the likes of Facebook and Google. Domain names or net addresses not complying with regulations will be put on a blacklist maintained by Roskomnadzor (the Federal Supervision Agency for Information Technologies and Communications), the organisation which already has the powers to take down websites suspected of copyright infringement without a court order. In the case of non-compliance, Roskomnadzor will be able to impose 'sanctions,' and even instruct local Internet Service Providers (ISPs) to cut off access to the offending resource." According to the article, the "measure is widely seen as a response to reports about the intrusive surveillance practices of the US National Security Agency (NSA) and the UK’s GCHQ. Edward Snowden, who revealed sensitive data about the operations of both, is currently residing in Russia, with his asylum application up for a review in a couple of months." The writer points out that this would mean many web sites would be legally unavailable altogether to Russian users.
This discussion has been archived. No new comments can be posted.

New Russian Law To Forbid Storing Russians' Data Outside the Country

Comments Filter:
  • The FSB is grateful for your assistance citizen! I
  • by Mashiki (184564) <mashiki@gmailCURIE.com minus physicist> on Friday July 04, 2014 @11:01PM (#47386591) Homepage

    There are plenty of countries that already do this at the federal and state/provincial levels. And a lot of companies are following suit, especially after privacy laws have been toughened up by federal law.

    • by EEPROMS (889169)
      The problem I can see here is what do you define as being personal data. There are tons of social media sites with Russians posting content and they need to hand over some personal details to create an account.
      • by gl4ss (559668)

        and they want that data to be inside their reach.

        and the emails of course too.

        watch russians start lying their country in about 3 minutes and companies that have any presence in russia for selling ads going to either ban russians from using their online services or migrate the company completely out of russia(more likely, since it's easier and possibly becomes a selling point as well, to russians).

        • by Luckyo (1726890)

          Actually, as we have seen in China, this is bullshit. All that happens is you get similar companies rise in your own country, take the market freed by leaving foreign companies, build up the solid R&D without being oppressed by anti-competitive incumbent and then come to challenge those foreign companies in third markets.

          That is, for example, why Microsoft wants Chinese to pirate windows instead of leaving the country. Unlike many others, they understand that if they do, in a matter of few years there w

    • by Ardyvee (2447206)

      Would you have a list or know some of those? It might be something relevant for TFS.

      • by Mashiki (184564)

        Would you have a list or know some of those? It might be something relevant for TFS.

        Not off the top of my head, but I do remember Brazil, and Germany making some changes. Canada is doing something similar via pipeda [justice.gc.ca] this as well [wikipedia.org] Where the law doesn't cover it, companies are doing it on their own including avoiding routing through the US. For online in Canada see openmedia's bit. [openmedia.ca] Individual ISP's as well have been replying on what they give/send/comply/refuse to do, this is Teksavvy's response. [dslreports.com]

    • by LWATCDR (28044)

      Russia worried about privacy? Yeah....
      Just makes it easier for them to get their own citizens data, easier to tax and demand bribes from companies doing business in Russia, and hopefully makes it easier to spy on other nations because some of their personal data could end up in Russia.
      Anyone that thinks that Russia is open or pro privacy is living in a fantasy world.

  • These Russian online services will be very popular with Americans.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Americans in general don't care about privacy. There are very few countries where the public gives a shit.

      • Correction (Score:5, Interesting)

        by Anonymous Coward on Saturday July 05, 2014 @12:07AM (#47386793)

        STUPID and/or FOOLISH Americans don't care about their privacy; they Tweet, and Facebook, and store "their" files in the cloud (1960's style on a server they neither own nor control) and so on. MANY Americans, on the other hand, value our privacy just as much as our founders did back when they wrote a Constitution that limited our government to doing only a handful of specific things (NONE of which included either facilitating OR regulating OR snooping on ANY communications within the country other than the creation of a postal service) and prohibited the government from going through our "stuff" without a warrant that [1] is attached to some claim of a crime, [2] is taken-out by sworn oath of the officer [3] is specific about WHO, WHAT, and WHERE to search:

        The Fourth Amendment:

        "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized"

        Those of us who still believe in those "quaint" and "out-dated" ideas, and who deny that the Constitution is a "living document" that can be evaded by any judge who wishes to "re-interpret" it to fit the current mood store OUR data on our own servers and do not use completely unnecessary "social media" sites that encourage adults to behave like self-absorbed teenage girls. Many of also resist using sites like Facebook where every click contributes to an empire of advertizing and data-snooping that funds political efforts to tear down all the limits on importing labor so its founder can get even richer by suppressing the wages of middle-class American IT people.

    • by TubeSteak (669689)

      The NSA will still be sniffing any traffic that crosses US borders.
      In fact, the NSA might prefer that you store everything overseas,
      as it gives them

  • Nice to see this trending.

    As for restricting culture, we still have actual people to interact with, so not to worry.
  • by caseih (160668) on Friday July 04, 2014 @11:08PM (#47386623)

    I wonder how such a thing is going to be enforced. Seems to me this is more about burdening Russian companies who use western services than it is about securing the privacy of Russian citizens. Besides if Putin forces all Russian companies to keep their data local then his cronies can more easily do their own spying on it, rather than have to beg the NSA to give them access, which given Russia's frosty relationship with the US, is probably pretty much cut off these days.

    • by superwiz (655733) on Friday July 04, 2014 @11:21PM (#47386679) Journal
      It is most definitely about burdening Russian companies. If the police raids their Russian offices they don't have the excuse "our data is stored abroad" anymore. Such an admission in itself would become and admission of guilt.
    • by AmiMoJo (196126) *

      It's economics. Russia introduced an import duty on GNSS receivers that don't support GLONASS, so now most vendors support both GPS and GLONASS on the same module. By creating this requirement Russia is giving its domestic data storage industry a boost.

  • by Anonymous Coward

    Looks like Russians will have to find somewhere else to go to if they want to buy from somewhere abroad.

    I understand the spirit of this law, but in reality it is too much like the Communications Decency Act that got passed in 1996 -- way too broad and sweeping.

    • by gnupun (752725)
      So will this shut down email communication between Russians and the rest of the world? According to TFA:

      The law which bans online businesses from storing personal data of Russian citizens on servers located abroad ... and apply to email services ...

      Under the new law, if a Russian were to send an email to a German, using a webmail service like Yahoo mail, won't the email text have to be stored outside Russia to make it easily accessible to the German? Is such a law really practical?

  • Maybe Livejournal will just move to Russia...
  • I remember a few years ago when a big US university rejected Gmail because they could not ensure US-only storage of data and they had data -privacy concerns about the foreign governments (whoops).

    At this point I don't really care if my data is in Belarussian hands because they cannot hurt me. Russians should likewise consider wanting to store their data ovetseas.

  • As another pointed out, Russia isn't anywhere near the first country to do this; in fact, doesn't the European Union require it Union-wide?

    Anyway, I'm most curious how the Kremlin defined "personal". Being that a lot of us are software industry programmers, product managers, etc., it'd be useful to know what kind of changes we need to make to our respective companies' international back-end infrastructure.

    • by shutdown -p now (807394) on Saturday July 05, 2014 @03:39AM (#47387219) Journal

      This is completely different from EU directives. Those pertain to EU companies storing data. This one is about all companies storing data of Russian citizens. I am a Russian citizen residing abroad; by the letter of this law, if I create a GMail account, Google must host my inbox data on a server in Russia, even though neither of us two is there. If they do not comply, their servers will be blocked inside Russia.

      This is not a privacy provision like EU directives are. It's about having the data on Russian soil, where it can be easily examined without a warrant, or even a notification that it is happening (see also: SORM-2).

      • by Luckyo (1726890)

        Incorrect. EU directives are not about "EU companies" but "companies operating in EU". I.e. companies that store information about EU citizens.

        These measures appear to be more broad in their storage requirements, but they closely mirror European regulation in terms of who they are directed at.

        • Give one example of EU blocking servers of some American company, on the grounds that they're "operating in EU" because a EU citizen opened an email account there.

          You can't, because there's no such thing.

          Yet this is exactly what the Russian law purports to do.

          • Re: (Score:2, Interesting)

            by Luckyo (1726890)

            Blocking servers is currently on the table in EU, it's just not implemented yet. Juncker has made it very clear that one of parts of his IT agenda is to push for actions like those to prevent US monopolies from both serving EU customers to US intelligence on a silver platter as well as completely chocking life out of all competition through monopolistic action.

            There are many other implementations, such as fines however.

            • How do you fine a company that does not even operate in your jurisdiction?

              • by Luckyo (1726890)

                If you have any customer relations in the region, you do in fact operate there. The argument you are trying - that if you don't have a direct office in the region you don't have to obey the local law has been tried in the court of law and shot down in flames across EU many times.

                • That's bullshit. If your argument were to fly, all American and European companies would have to e.g. comply with Saudi obscenity laws, which is obvious idiocy.

                  • by Luckyo (1726890)

                    They do comply with them when they work in there. I have several friends who work for oil refinement industry who had to work there. They tell amazing stories of the hoops companies jump through to be able to operate in the Kingdom.

        • EU directives are not about "EU companies" but "companies operating in EU". I.e. companies that store information about EU citizens.

          No, companies that operate in the EU have operations in the EU -- offices, warehouses, datacentres etc. If I buy from Stewart-MacDonald's instrument-making supplies in the US and they ship the goods to my EU address, that's not "operating in the EU", they're operating in the US.

          Yes, companies like Google did initially try to argue that they weren't really "operating" in the EU per se, but they were called up on their location-based advertising.

          • by Luckyo (1726890)

            That was my argument, yes. The old bullshit argument used by several companies, including google (which was the most visible one, but far from the only one) was that if they do not have an office or a datacenter in the country but they serve the local customers, they don't have to obey local laws.

            This argument has been shot down in flames and in fact the new commission under Juncker as well as large member states will highly likely push for more limits on such operations (according to his official agenda li

        • Having read your posts further down, you appear to believe it is OK for the EU to extend at least some of their laws to people who do not live in the EU. So, if I post something to the Internet that is legal to post in my country, but is illegal to post in the EU, it is perfectly appropriate for the EU to consider me a criminal if someone in the EU reads it.
          The basic problem is that you think of these laws as applying to big companies such as Google or Amazon, but forget that they also apply to a one-man
          • by Luckyo (1726890)

            Completely ok as long as these people do business in EU, as far as it pertains to business in EU. Same applies to all states, including US.

            In other words, I think that some of the US approach to the same situation is over the top because it concerns business done outside US.

            I have absolutely no problem for the same rules applying to one man operations and large business, so long as they are fair for consumers and states those consumers live in. In fact, one of the biggest problems in business/state relation

            • So, basically what you are saying is that you are OK with the world being dominated by large corporations that can afford to deal with the various and sundry regulations that exist only because the governments were able to convince the population that they needed more power in order to prevent those large corporations from dominating the world.
              • by Luckyo (1726890)

                I'm saying the exact opposite. It takes a warped mind to interpret my words in the exact opposite way that they are intended.

                If you look at EU, it's choke full of examples of exact opposite of what you're claiming, and most of the examples that are actually like you're claiming are found on the national level.

                • I do not interpret your words in the opposite way they are intended. I interpret your words on the basis of the consequences of the policies you espouse. The only way to avoid that is policies which drive up costs for consumers by eliminating competition from companies not based in a particular country.
                  • by Luckyo (1726890)

                    You seem to view "increased costs to customers" as a greater evil than "not obeying local laws".

                    I find your view downright appalling.

                    • You seem to think that small businesses can stay in business if the cost of obeying local laws increases their costs above what the market will bear. I find your view frightening.
                    • by Luckyo (1726890)

                      That is what various small business subsidies are for. In modern world, small business is already largely unviable without them due to effects of globalization on the economy and impact of large international conglomerates.

                    • The biggest obstacle to small business in today's economy is the barrier to entry created by government regulations. It is not large international conglomerates, nor is it the globalization of the economy.
                    • by Luckyo (1726890)

                      That is easily proven false. Small business enjoys massive government assistance, including start money, tax breaks, freedom from much of the red tape with accounting that larger business has to deal with and so on.

                      In spite of all this, it's almost impossible to break into the market that is already controlled by globalized megacorps that can outprice you, outproduce you and out-R&D you.

                      If you were to remove this assitance, vast majority of small business would be dead within a year across Western count

                    • Wow, you have clearly never attempted to start a business. I have looked into several businesses. They were all things I could have easily started as part time and held done a full time job until they started bringing in enough money to replace my income. Unfortunately, it would have cost me more than I could afford to satisfy the government regulations and the business would not have provided enough income to cover those costs for several years.
                    • by Luckyo (1726890)

                      I have no idea which country you are talking about - though I suspect Liberia et al probably have no programs to help small business in the starting phase. Well, they do actually IIRC, but that's funded by foreign donors as a part of development aid.

                      On the other hand essentially entire EU has a wide-reaching support network for starting a small business. Right now, if I had a decent idea, I could walk to my local government office responsible for the subsidies, file the forms and likely walk away with sever

                    • That is great, if you are talking about a business that will earn you hundreds of thousands of euros, but what if you anticipate that your business idea will bring in a dew thousand a year?

                      In fact the biggest complaint from the small business owners is usually that once the initial help package is used up, the "drop" in support tends to sink small business.../quote And right there, you point out the problem. Small businesses get that assistance and as a result have to become bigger than the entrepreneur is ready to handle so that when the assistance runs out, they do not yet have the skills and cash flow to maintain the business. As to wanting replacement income early, you exactly miss my point. I know full well that it is going to take a long time for a small business to earn a replacement income. That is exactly why I want to keep my regular job while I start a business. Government support will not, and cannot, solve the problem created by excessive government regulation. Regulation does NOT hurt big business. It never has and it never will.

                    • by Luckyo (1726890)

                      In other words, you understand the problem, you just reject your understanding of it.

                      P.S. Please tell us how monopoly regulation doesn't hurt microsoft with those billion-level fines, or how chemical directive didn't hurt manufacturers who had to invest into phasing out mercury, and countless other examples. Because both companies involved as well as commission agreed on the fact that it was in fact harmful - they just disagreed on whether benefits to the public were sufficient enough to offset it.

    • As another pointed out, Russia isn't anywhere near the first country to do this; in fact, doesn't the European Union require it Union-wide?

      The EU directive isn't about local control, but about data protection standards -- non-EU countries can apply to be considered equivalent if their laws have suitable protections. Although the EU did kind of give up the moral high ground when it granted equivalent status to Israel, mere months after Mossad sent a death squad into one of the Arab countries on cloned EU passports....

  • You can feel it in the air.
  • by philip.paradis (2580427) on Friday July 04, 2014 @11:20PM (#47386671)

    As stated in the subject line, security through legislation is no security at all. If anything, this will weaken information security for Russians. It's a transparent and comically unenforceable attempt to keep Russian data precisely where the Russian government wants it: on servers they can put their hands on. I'm genuinely amused.

    • by Max_W (812974)

      ...security for Russians...

      The Russian society is divided in numerous socioeconomic groups, the same as the US or any other society.

      These groups have different understanding of security, and completely different interests in general. For some, security means keeping control over their power and billions, for some finding at last a job or starting a modest web-based business.

      There are not only Russians, French, Americans, etc., but also socioeconomic groups with very similar interests and aspirations.

  • by dbIII (701233) on Saturday July 05, 2014 @12:05AM (#47386785)
    Nationalism aside it's not a bad idea, since having your medical records sent to the Phillipines for data entry and many similar stupid shortcuts are bad ideas. If your sensitive information is being stored in a different legal juristiction where people speak a different language there's not much you can do if someone wanders off with it and puts it to other uses unless you have as many international lawyers on staff as IBM.
    • by AHuxley (892839)
      Russia knows its user count, networking speeds (past copper, new optical) and cpu needs to switch or database at a commercial and gov level.
      Some options are:
      Import software and hardware that is perfect in terms of heat, speed, future needs, size, support and code supported.
      The US or its competitive 'clone' is great on any site due to instant backdoor support.
      Import hardware that is perfect in terms of heat, speed, future needs, size, support. Try and rewrite all needed code in Russia.
      The US or its co
    • It's not about medical records. It's about things like personal email.

      They don't want to protect the users from NSA. They want to make it easier for themselves to play NSA.

      • Do I need a million examples instead of just one? Come to think of it personal email is another good example considering the fuckup this week by someone at Goldman Sachs who wanted an email sent to gmail deleted. Despite it being an incredibly stupid idea a lot of commercially sensitive information is sent via email where it can be easily read by anyone with access to routers on the way to it's destination. Given how there is no real boundary between government and commercial interests in some parts of U
        • Dude, I am Russian. There's no "nationalism" or "jingoism" angle in what I wrote, you're arguing with a strawman.

          And yes, I would vastly prefer for my emails to be hosted in the US, for personal safety reasons. Not my own anymore - I'm already safely in US so I can wave a middle finger at the assholes in charge of ruining my home country - but my parents are still there, and they hold some, shall we say, unpopular political views. Which they don't blabber about in public, but now apparently it's not a good

          • ... and the point is keep the stuff close enough that you can at least in theory get local lawyers and politicians to do something about it when things go wrong.
            • There's no due process in my country. I don't care about theory, the practice is what it is. There's no-one to go to if things go wrong.

              • by cpghost (719344)
                Right. However, if you're not a US Person (i.e. if you don't have US Citizenship or a Permanent Resident Permit), there's no due process for you as well: NSA can access your GMail account without a warrant, because, well, you'd be a foreigner in their eyes, and foreigners are NOT protected by US laws in this area. No FISA court for you, comrade! That's the point: in Russia, they may pretend to follow due process (even if they don't), in the US, they don't even pretend to follow due process if you're no US P
                • Lack of due process to read my email is annoying, but not directly dangerous. Lack of due process if arrested for "extremism" or some such in Russia is what I'm more worried about.

                  • That's the difference in the mentality - when we say "government corruption" or "lack of freedoms" we don't mean the same things as citizens of Canada or US do. They just don't get it why are we laughing so hard when they tell us about their "outrageous" problems at DMV or somesuch.
              • by dbIII (701233)
                However you are in the US now so an equivalent idea would be to keep the information in the US to stop Russian agencies snooping on it.
                • I am in US, sure. My parents and grandparents are not.

                  As for keeping the information, I wouldn't want to use a company that'd store my data on servers in Russian, but I don't think the govt should be in business of enforcing that. What they should enforce is telling where the data is, and let me as a customer decide if I'm okay with it or not.

                  • by dbIII (701233)

                    but I don't think the govt should be in business of enforcing that

                    How about a government being in charge of enforcing that businesses disclose where their sensitive data is? For instance the company I work for uses a bank that processes all the financial data in India, which only became apparent when a long serious of network problems made it unavailable on many occasions.

                    • How about a government being in charge of enforcing that businesses disclose where their sensitive data is?

                      That's exactly what I meant by "What they should enforce is telling where the data is".

  • by GoodNewsJimDotCom (2244874) on Saturday July 05, 2014 @12:16AM (#47386817)
    All a guy who wants to stir up trouble would need to do is to put their own personal details on a forum. Then they could call the authorities and go,"Look, on Joe USA's forum is my personal details".
  • Russian expatriates are Russian citizens too. And employment data is a thing that gets stored. I hope they're not looking for work with an Internet company...
    • Russian expatriates are Russian citizens too. And employment data is a thing that gets stored. I hope they're not looking for work with an Internet company...

      This is a hugely important point that bears repeating.

      Russian expatriates are Russian citizens too. And employment data is a thing that gets stored. I hope they're not looking for work with an Internet company...

      Therefore it will be illegal, on a technicality, for any citizen to work overseas. In fact, it will be pretty difficult to even do any translation work.

      What has gone little noted in the press (outside of non-Russian Russian-language newspapers is that Russia has implemented laws to try to prevent emigration. Dual citizenship is illegal, and if you get a residency permit for a foreign country, you have to deregister as Russian resident, and get a special

  • Does this affect the rest of the world? Nope.

    Let's move on, nothing to see here.

    • There WILL be legislation proposed very soon for a similar restriction on US companies. That it is stupid, irrational and anti-privacy won;t stop some ignorant legislators from suggesting it. So in that sense alone it does affect the US...
    • Does this affect the rest of the world? Nope.

      Selfish git.

      But that aside, it does affect the rest of the world, as there are many people in the world who operate international web businesses, and they are going to lose access to a pretty large market thanks to this. I'm currently speccing up a service, and as a result of this legislation, I can no longer assume anything about the viability of a Russian translation, and I'm going to have to calculate the viability assuming only the Russian-speaking populations of places like Ukraine, Lithuania and vario

  • To restrict Russian citizen's access to about 90% of the internet.
    Yes, the big names might hire servers and staff in Russia... and cooperate with the Russian government.
    But the smaller organizations? No way in hell they can afford that.
    It's mostly another form of the Great Firewall of China.

  • As a regular end user, I would really prefer my data to be in the hands of a foreign govt than my own govt. The foreign govt doesn't really have any power over me & can't do much with my data.

    • by cpghost (719344)
      Beware that the foreign government can secretly or openly cooperate with your own government to rat you out.
  • Seen from the outside world, most, if not all, US clouds are accessible to the NSA and other US state agencies. Especially if you're not a US Person, those agencies can request your data without a warrant at all. So what the Russians and Brazilians and soon to follow other nations are doing is this: they don't want you to post your potentially incriminating personal data on NSA-controlled servers when the NSA could use them to blackmail you should you work in an important position in politics, industry etc.

How many QA engineers does it take to screw in a lightbulb? 3: 1 to screw it in and 2 to say "I told you so" when it doesn't work.

Working...